Bug 104171 - PK lib segfaults on Google Chrome APT repo (breaks gnome security updates for all pkgs)
Summary: PK lib segfaults on Google Chrome APT repo (breaks gnome security updates for...
Status: RESOLVED NOTABUG
Alias: None
Product: PackageKit
Classification: Unclassified
Component: backend-apt (show other bugs)
Version: unspecified
Hardware: Other Linux (All)
: medium major
Assignee: Richard Hughes
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-08 11:35 UTC by Alan Jenkins
Modified: 2018-08-21 21:08 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alan Jenkins 2017-12-08 11:35:22 UTC
gnome-software is crashing on startup (so security notifications are never delivered), when there are updates available from the Google Chrome APT repository.


$ apt-cache policy gnome-software
gnome-software:
  Installed: 3.22.5-1
  Candidate: 3.22.5-1
  Version table:
 *** 3.22.5-1 500
        500 http://ftp.uk.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status
$ apt-cache policy libpackagekit-glib2-18
libpackagekit-glib2-18:
  Installed: 1.1.5-2
  Candidate: 1.1.5-2
  Version table:
 *** 1.1.5-2 500
        500 http://ftp.uk.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status


Thread 9 "pool" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffcffff700 (LWP 2689)]
gs_plugin_add_updates (plugin=0x555555885d00, list=0x555557735af0, cancellable=<optimized out>, error=<optimized out>)
    at gs-plugin-systemd-updates.c:122
(gdb) bt full 1
#0  gs_plugin_add_updates (plugin=0x555555885d00, list=0x555557735af0, cancellable=<optimized out>, error=<optimized out>) at gs-plugin-systemd-updates.c:122
        app = 0x5555558af7c0
        split = 0x0
        i = 1
        error_local = 0x0
        package_ids = 0x7fffc0073d00

Source code gs-plugin-systemd-updates.c:

121     split = pk_package_id_split (package_ids[i]);
122     gs_app_add_source (app, split[PK_PACKAGE_ID_NAME]);

We have split = 0x0 (NULL pointer) above. pk_package_id_split() returns NULL only when the id is invalid.

(gdb) p package_ids[0]
$1 = (gchar *) 0x7fffc407f720 "google-chrome-stable;63.0.3239.84-1;amd64;google"
(gdb) p package_ids[1]
$2 = (gchar *) 0x7fffc4087e20 "_inc.-stable-main"
(gdb) p package_ids[2]
$3 = (gchar *) 0x0
(gdb) p i
$5 = 1

It seems the invalid id is `_inc.-stable-main`. `pkcon get-updates` shows only one package containing the text from both ids. However `pkcon get-offline-updates` appears to illustrate the same bug. (`apt-get --dry-run upgrade shows there is only one upgradable package`):

$ pkcon get-updates      
Normal          google-chrome-stable-63.0.3239.84-1.amd64 (google,_inc.-stable-main)    The web browser from Google
$ pkcon offline-get-prepared
Prepared updates:
google-chrome-stable-63.0.3239.84-1.amd64
(null)

because `pk-offline.c` does:

/* return raw package ids */
return g_strsplit (prepared_ids, ",", -1);


So PK offline does not handle an ID that looks like this.  Despite that `pkcon get-updates` was able to do so, hence I assume pk_package_id_split() is claiming that an ID which contains "," is perfectly valid.

Both the code quotes above appear the same in GIT master.
Comment 1 Alan Jenkins 2017-12-08 11:38:04 UTC
$ cat /var/lib/PackageKit/prepared-update 
[update]
prepared_ids=google-chrome-stable;63.0.3239.84-1;amd64;google,_inc.-stable-main
Comment 2 Richard Hughes 2017-12-10 14:26:59 UTC
I've pushed this on the gnome-software side:

commit 8c018b5c36f3ef60a2a641024cadb8e693aa6d0c
Author: Richard Hughes <richard@hughsie.com>
Date:   Sun Dec 10 14:14:23 2017 +0000

    packagekit: Do not crash when getting an invalid ID from PackageKit
    
    Fixes half of https://bugs.freedesktop.org/show_bug.cgi?id=104171
Comment 3 Richard Hughes 2018-08-21 15:52:54 UTC
We moved the upstream bugtracker to GitHub a long time ago. If this issue still affects you please re-create the issue here: https://github.com/hughsie/PackageKit/issues
 
Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.
Comment 4 Alan Jenkins 2018-08-21 21:08:08 UTC
> Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.

Fingers crossed!  I haven't fully tested, but there is reason to hope, at least for google-chrome.

I don't see the problematic comma in the package ID now, if I run `pkcon search google-chrome` on Ubuntu 18.04.  (PackageKit 1.1.9-1ubuntu2).


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.