[Aptitude-devel] Bug#794830: Bug#794830: aptitude: segfaults in memory allocation

Axel Beckert abe at debian.org
Fri Aug 7 07:22:33 UTC 2015 

Control: tag -1 + confirmed

Hi Matthijs,

Matthijs van Duin wrote:
> Since upgrade to 0.7, aptitude's TUI has become unusable for me due to
> consistent crashes, in particular occuring:
> 
> 1. if I set the package tree limit, in either view
> 2. if I perform a search
> 3. if I open the menu bar (^T) and repeatedly change between menus.

There are two more where it crashes for me:

4. Start the TUI, do not open any tree, press Cursor down.
5. Occassionally directly after all downloads where finished.

I've reported number 4 against cwidget at
https://bugs.debian.org/794705 but the backtrace there seems different
from yours.

> In case of the search, it is interesting to note that it still seems to
> correctly perform the live-search while typing the query, but crashes
> upon OKing the dialog, but not when pressing Cancel. OKing a failed
> search only crashes after performing doing repeatedly.
>
> The CLI operation appears unaffected so far.

I can confirm that.

> Most crashes are segfaults at:
> #0  0x00007ffff5a63b15 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #1  0x00007ffff5a64ef8 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #2  0x00007ffff5a67080 in malloc () from /lib/x86_64-linux-gnu/libc.so.6
> #3  cwidget::util::transcode_buffer (...) at transcode.cc:99
> #4  cwidget::util::transcode (...) at transcode.cc:249
> #5  transcode (...) at transcode.h:48
> #6  cwidget::util::transcode (...) at transcode.cc:270
> (rest of traceback varies)

this one looks like to be in cwidget, too.

> However setting the limit in hierarchical view segfaults at:
> #0  0x00007ffff5a64538 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #1  deallocate (...) at /usr/include/c++/5/ext/new_allocator.h:110
> #2  deallocate (...) at /usr/include/c++/5/bits/alloc_traits.h:386
> #3  _M_destroy (...) at /usr/include/c++/5/bits/basic_string.h:185
> #4  _M_dispose (...) at /usr/include/c++/5/bits/basic_string.h:180
> #5  ~basic_string (...) at /usr/include/c++/5/bits/basic_string.h:544
> #6  ~pkg_subtree_with_order (...) at ../../src/pkg_grouppolicy.cc:62

This one is probably in aptitude itself. So they're probably different
issue. Keeping them in one bug report for the moment, though, until
someone can pinpoint the cause more precise than me.

> occasionally instead of a segv I get an abort preceded by the message:
> 	munmap_chunk(): invalid pointer

Confirmed.

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

More information about the Aptitude-devel mailing list