[Bug 1790671] Re: /usr/lib/packagekit/packagekitd:11:std::__cxx11::basic_string:AptIntf::providesCodec:backend_what_provides_thread:pk_backend_job_thread_setup:g_thread_proxy

Launchpad Bug Tracker 1790671 at bugs.launchpad.net
Thu Oct 25 14:49:12 UTC 2018 

This bug was fixed in the package packagekit - 1.1.9-1ubuntu2.18.04.3

---------------
packagekit (1.1.9-1ubuntu2.18.04.3) bionic; urgency=medium

  * Pass --no-restart-after-upgrade to dh_installsystemd to avoid PackageKit
    restarting while upgrading under PackageKit (LP: #1790613)

packagekit (1.1.9-1ubuntu2.18.04.2) bionic; urgency=medium

  * debian/patches/frontend-locking.diff:
    Implement frontend locking in a simple way. Will need some more
    work to upstream, and possibly some error checking. (LP: #1795614)
  * Bump libapt-pkg-dev build-dep to >= 1.6.5~ for frontend locking
  * debian/patches/aptcc-Fix-invalid-version-dereference-in-AptInf-prov.patch,
    aptcc-removing-duplicate-delete-call.patch:
    Fix invalid dereference and delete wrong (duplicate) "delete"
    statement in providesCodec (LP: #1790671)

 -- Julian Andres Klode <juliank at ubuntu.com>  Mon, 15 Oct 2018 15:46:47
+0200

** Changed in: packagekit (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/1790671

Title:
  /usr/lib/packagekit/packagekitd:11:std::__cxx11::basic_string:AptIntf::providesCodec:backend_what_provides_thread:pk_backend_job_thread_setup:g_thread_proxy

Status in packagekit package in Ubuntu:
  Fix Released
Status in packagekit source package in Bionic:
  Fix Released

Bug description:
  [Impact]
  pkcon what-provides and other tools querying codecs do not work, they crash (unless you happen to be lucky with your apt cache). Also, cancalled transactions crash as well, even if you're lucky with your apt cache, as the "matcher" object is deleted twice.

  There are two reasons: A duplicate delete statement in providesCodec
  entered when cancelling the lookup, and a invalid pointer dereference
  in there.

  [Test case]
  The daemon should not crash as below, but should print a useful message.

  $ lxc launch -e ubuntu:bionic bbb
  $ lxc exec bbb apt update
  $ lxc exec bbb -- apt  -y  install packagekit
  $ lxc exec bbb pkcon what-provides  "gstreamer1.0(decoder-audio/ac3)"
  [...] The daemon crashed mid-transaction!

  (empty lxd container seems to be able to reproduce easily)

  This only tests the pointer dereference, I don't have a test for the
  duplicate. But the code is obviously correct:

   for ... [
     if (m_cancel) {
       // here used to be "delete matcher" - that's deleted
       break;
     }
   }
   delete matcher;

  That is, matcher is always deleted once now, and was always deleted
  twice when cancelling before.

  [Regression potential]
  I don't think it's possible to have a regression here, given the nature of the fix, but if there were one, we'd see different behavior in codec lookup.

  For the duplicate delete on cancelled transactions, you'd be looking
  at memory leaks if there were a regression.

  [Other info]
  The Ubuntu Error Tracker has been receiving reports about a problem regarding packagekit.  This problem was most recently seen with package version 1.1.10-1ubuntu2, the problem page at https://errors.ubuntu.com/problem/46649a8a55e07e74b9d522c9bc9d71a74905ccc2 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
  If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1790671/+subscriptions

More information about the foundations-bugs mailing list