-
Notifications
You must be signed in to change notification settings - Fork 289
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OstreeRepoAutoTransaction used with uninitialized refcount in ostree_repo_prepare_transaction() #2592
Comments
smcv
added a commit
to smcv/ostree
that referenced
this issue
Apr 30, 2022
Previously, the reference count was left uninitialized as a result of bypassing the constructor, and the intended abort-on-error usually wouldn't have happened. Fixes: 8a9737a "repo/private: move OstreeRepoAutoTransaction to a boxed type" Resolves: ostreedev#2592 Signed-off-by: Simon McVittie <smcv@collabora.com>
smcv
added a commit
to smcv/flatpak
that referenced
this issue
Apr 30, 2022
Signed-off-by: Simon McVittie <smcv@collabora.com>
This was referenced Apr 30, 2022
smcv
added a commit
to smcv/ostree
that referenced
this issue
Apr 30, 2022
Previously, the reference count was left uninitialized as a result of bypassing the constructor, and the intended abort-on-error usually wouldn't have happened. Fixes: 8a9737a "repo/private: move OstreeRepoAutoTransaction to a boxed type" Resolves: ostreedev#2592 Signed-off-by: Simon McVittie <smcv@collabora.com>
smcv
added a commit
to smcv/flatpak
that referenced
this issue
Apr 30, 2022
We can't use a branch based on libostree git main, because it now needs a newer GLib than the one in Ubuntu 20.04. Signed-off-by: Simon McVittie <smcv@collabora.com>
smcv
added a commit
to smcv/flatpak
that referenced
this issue
Apr 30, 2022
There's no release yet with this fixed, and even if there was, we wouldn't be able to use it in our Ubuntu 20.04 container because it would depend on a newer GLib version. Signed-off-by: Simon McVittie <smcv@collabora.com>
cgwalters
pushed a commit
that referenced
this issue
May 4, 2022
Previously, the reference count was left uninitialized as a result of bypassing the constructor, and the intended abort-on-error usually wouldn't have happened. Fixes: 8a9737a "repo/private: move OstreeRepoAutoTransaction to a boxed type" Resolves: #2592 Signed-off-by: Simon McVittie <smcv@collabora.com> (cherry picked from commit 71304e8)
smcv
added a commit
to smcv/flatpak
that referenced
this issue
Aug 16, 2022
This is fixed in v2022.3, but that version missed the boat for Ubuntu 22.04. Signed-off-by: Simon McVittie <smcv@collabora.com>
alexlarsson
pushed a commit
to flatpak/flatpak
that referenced
this issue
Aug 16, 2022
This is fixed in v2022.3, but that version missed the boat for Ubuntu 22.04. Signed-off-by: Simon McVittie <smcv@collabora.com>
clrpackages
pushed a commit
to clearlinux-pkgs/flatpak
that referenced
this issue
Sep 29, 2022
…1.14.0 Aleix Pol (1): Do not forget to pass the actual error message Alexander Larsson (32): Bump version to 1.13.1 on master Transaction: Fail the resolve if xa.metadata invalid or missing Require metadata in commit also for OCI remotes Ensure that bundles have metadata on install Make --nofilesystem=host/home remove access to subdirs of those manpages: Document the new details of --nofilesystem behaviour. flatpak-context: Properly flatten filesystem permissions CI: build on "main" branch, not "master" Change references from "master" branch to "main" in docs and comments Update the bundled dbus-proxy to 0.1.3 appstream deploy: Clean up temporary files on error appstream deploy: Delete old tmpfiles Update changelog for 1.13.x so far. build-update: Only add the specified summary-arches to the compat summary main: Don't install polkit agent when running in tests, fixing slowness. Bump glib requirement to 2.46 (from 2.44) oci-registry: Be better at finding error message in registry reponses Use GUri (possibly with backport) instead of SoupURI http utils: Make a generic FlatpakHttpSession instead of SoupSession http: Add flatpak_load_uri_full with some more complete features oci-registry: Use the new http header parser oci-registry: Use the new utils to encode url queries flatpak-uri: Add some uri query and http header utils oci-registry: Use the new http methods to replace last soup use Move all use of soup APIs into flatpak-utils-http uri utils: Add some helpers for HTTP timestamps tests: Don't fail if OSTREE_DEBUG_HTTP is set in the test env flatpak-http: Restructure the soup http implementation http: Support curl CI: Add libcurl-dev to CI install Extend the CI build support, including testing the soup backend CI: Build appstream dependency Alexmelman88 (1): Update ru.po (#4975) Anders Jonsson (6): Update Swedish translation Update Swedish translation Update Swedish translation Update Swedish translation Update Swedish translation Update Swedish translation Bastien Nocera (1): run: Don't propagate GStreamer variables to the sandbox Christian Kirbach (1): Update proof-read German translation Danilo Bargen (2): build-export: Avoid segfault if Exec line is missing from desktop file build-export: Explicitly allow empty Exec values in desktop file Debarshi Ray (13): dir: Use SHA256, not SHA1, to name the cache for a filtered remote selinux: Let the system helper have read access to /etc/passwd selinux: Let the system helper watch files inside $libexecdir selinux: Permit read access to /var/lib/flatpak NEWS: Update for 1.13.3 so far utils: Avoid passing a potentially NULL pointer to strlen(3) dir: Don't ignore errors when deleting a file context, instance: Don't ignore errors when creating directories build: Don't leak the destination prefix selinux: Permit using systemd-userdbd NEWS: Update for 1.13.3 so far CI: Use CodeQL Action v2, not the deprecated v1 selinux: Permit read access to symbolic links in /var/lib/flatpak Dmitry (5): Update hi.po Update hi.po Update hi.po Update hi.po Update hi.po Eric Curtin (1): Fix some warn_unused_result warnings Ettore Atalan (1): Update German translation Fina Wilke (1): Increase verbosity of extension missing error messages Guido Günther (2): build-finish: Export appstream metainfo into a single directory tests: Test appdata installation Hugo Carvalho (1): Add portuguese(pt) translation and sort LINGUAS file alphabetically JakobDev (1): Remove Souk from Readme Jan Tojnar (2): tests: Allow FLATPAK_BINARY=flatpak for exports run: Use URN for fontconfig DTD Julian Orth (1): wayland: allow absolute path in WAYLAND_DISPLAY Kukuh Syafaat (1): Update Indonesian translation Lionir (1): Add XDG_STATE_HOME and HOST_XDG_STATE_HOME env variables Matheus Barbosa (1): Update Brazilian Portuguese translation Matthias Clasen (1): document-unexport: Allow unexporting by docid Mejans (1): some more transaltions Milan Crha (1): common: Add thread safety on libcurl usage Mo 森 (3): l10n: update Indonesian translation l10n/id: 'obyek' is not a proper word in Indonesian l10n/id: remove an erroneous extra newline Nick Reiley (1): Add --socket=gpg-agent Patrick (1): gitmodules: Update xdg-dbus-proxy branch Patrick Griffis (5): Re-enable HTTP compression run: Fix session-bus and a11y-bus args being incorrect Add have-kernel-module conditional Fix reliability of detecting GTK theme Allow sub-sandboxes to own MPRIS names Phaedrus Leeds (140): NEWS: Fix a typo doc: Clarify default setting of noenumerate/nodeps options Fix capitalization of "false" in flatpakref keyfiles CI: Add 1.12 branch README: update documentation of subdirectories testlibrary: Don't use g_assert() testlibrary: Tweak some helper functions testlibrary: Add missing cleanup testlibrary: Make remote existence assertions more friendly common: Improve a few REF_NOT_FOUND error messages dir: Don't mask the main ref of a noenumerate remote Fix implementation of xa.noenumerate remote option Include extensions in listing origin remote refs testlibrary: Add test for remote nodeps option Pedantic typo fix doc/flatpakrepo: Fix a typo .gitignore: Update for recent changes test-update-portal: Fix warn_unused_result warning dir: Fix a return of FALSE rather than NULL README: Add more helpful build instructions Add checkbox to issue template tests: Drop some unneeded CFLAGS/LDADD SECURITY.md: Update supported branches dir: Fix typos in a warning dir: Fix an issue with fetch_remote_ref_sync() search: Don't strip .desktop suffix overzealously search: Use <bundle> ID to determine flatpak app ID transaction: Fix signal Since annotations app: Don't use carriage return for non-fancy output build-update-repo: Don't try to generate deltas of unknown refs app: Fix behavior when installing end-of-life-rebased ref Ensure refs are updated from their origin transaction: Utilize runtime repo info for origin remote Don't use app title from flatpakref as remote title Change how automatic pinning is implemented tests: Use ${FLATPAK} not flatpak Make test suite logs prettier Move build instructions to HACKING.md tests: Fix a comment app: Don't tab-complete on aliases list: Tweak logic for excluding Locale/Debug extensions dir: Verify subsummary checksum from disk cache Update variant-schema-compiler to fix build tests: Make grep assertions more specific app: Refuse to work with sudo and --user dir: Fix an error path when deploying malformed apps dir: Fix another deploy error code path dir: Fix a typo in a comment dir: Make use of is_flatpak_ref() history: Fix printing refs history: Omit entries for appstream refs history: Fix exclusion of temp repos Add a unit test for the history command doc/flatpak-history: Specify journalctl command app: Don't use polkit agent in history command test-history.sh: Fix flakiness by moving sleep repair: Properly mark invalid commits as partial Add a test for the repair command document-unexport: Finish implementing --doc-id Export to share/metainfo not share/appdata .github: Add checkbok for security sensitive issues Add test for metadata validation dir: Fix typo of bundle Revert "search: Use <bundle> ID to determine flatpak app ID" Revert "search: Don't strip .desktop suffix overzealously" Add macro for having appstream 0.14.0 app: Check appstream file not found error code search: Fix printing app ID with no .desktop suffix tests: test search command search: Properly get branch values search: Improve memory efficiency doc: Tweak a few man pages NEWS: Remove an inaccurate entry for 1.13.1 Delete some unreachable ref-not-found code Disable fancy output when G_MESSAGES_DEBUG is set Cache result of flatpak_fancy_output() dir: Fix inaccurate nullable annotation dir: Work around libostree partial pull bug dir: Add some precondition checks to repo_pull() app: Don't overzealously tab complete options doc: Try to clarify flatpak-spawn docs gitignore: Add libglnx-config.h Update libglnx to fix distcheck Update NEWS for 1.13.1 Update pofiles for release icon-validator: Print format and size to stdout icon-validator: Add a note on code sharing icon-validator: Fix -Wformat-security warning dir: Rewrite dynamic launcher entries on deploy po: Update last translater for id.po Improve --sideload-repo option to take create-usb dirs uninstall: Error out when all refs are invalid uninstall: Make error message prettier app: Disable fuzzy ref matching when id has a slash app: Disable fuzzy ref matching when id has a period app: Disable fuzzy matching if not on a tty uninstall: Make help message more accurate doc/flatpak-run: Add more info doc/flatpak-run: Update docs about env vars tests: Remove a pointless test common: Fix a parenthesis typo in an error message app: Fix typo in debug message transaction: Validate end-of-life-rebase ref app: Improve end-of-life info message dir: Don't waste time reading metadata for the wrong ref uninstall: Fix support for --noninteractive transaction: Add new API for getting an op by ref app: Use bold app ID for permissions heading update: Add newline before nothing to do message Update NEWS for 1.13.3 build: Bump version to 1.13.3 Update pofiles for release tests: Skip test-history.sh without libsystemd CI: Temporarily build without libsystemd .gitignore: Add tests/runtime-repo.stamp Revert "CI: Temporarily build without libsystemd" app: Fix inefficiency in pin and mask commands app/flatpak-complete.c: Fix typo common: Remove erroneous Since: annotations doc/flatpak-override: Tweak manpage transaction: Tweak docs on get_related_to_ops() API transaction: Fix typos and wrap lines app: List apps that use a runtime extension when it's EOL app: Improve checking for dependent apps in EOL messages uninstall: Ask for confirmation for used runtime extensions app: Tweak messages about dependent apps uninstall: Prompt for confirmation on used runtime removal app: Un-split EOL translatable sentences app: Un-split some translatable strings app: Remove a duplicated else if block app: Un-split translatable strings again CONTRIBUTING.md: Add instructions for using TESTS variable build-export: Fully ignore stdout content of icon validation common: Add missing error codes to GDBusErrorEntry array Add DeploySideloadCollectionID flatpakref/flatpakrepo key build-export: Don't warn on missing Exec= if DBusActivatable=true app: Add -u alias for --user Add a vim modeline and .editorconfig Prepare v1.14.0 Update pofiles for release Philip Withnall (8): flatpak-utils-http: Ensure to wake up the main context on error flatpak-transaction: Add get_no_interaction() method flatpak-transaction: Add no-interaction property flatpak-transaction: Tidy up property implementation app: Port to libappstream app: Drop unnecessary wrappers subprojects: Update variant-schema-compiler to bring in leak fixes flatpak-remote: Fix some minor leaks of some property values Ping (1): Update Croatian translation Piotr Drąg (4): Update Polish translation Update Polish translation Update Polish translation Update POTFILES.in Ryan Gonzalez (5): Add a profile script for Fish Fix fish profile script install directory dir: Cache the refs set when finding related refs Fix metadata file contents after null terminators being ignored Add --include-sdk/debug to install SDK/debuginfo along with a ref Sabri Ünal (1): Uptade Turkish translation Simon McVittie (96): run: Handle unknown syscalls as intended common: Backport g_get_language_names_with_category() more thoroughly Fix handling of syscalls only allowed by --devel run: Improve error handling/diagnostics for calls into libseccomp tests: Generate Makefile-test-matrix.am.inc in $(srcdir) tests: Add try-syscall helper tests: Add basic test coverage for our seccomp filters session-helper: Move FlatpakHostCommandFlags to header file session-helper: Add FLATPAK_HOST_COMMAND_FLAGS_NONE run: Mention why we're using .local/state doc: Mention that setting XDG_STATE_HOME is a new feature doc: Mention how to get a compatible ~/.local/state with older versions tests: Check that we handle XDG_foo_HOME as intended run: Always create .local/state directory tests: Assert that XDG_foo_HOME directories are all created Don't rely on AS_BUNDLE_KIND_FLATPAK existing test-override: Assert that only the expected term is negated test-override: Assert that unimplemented suffix is ignored with a warning run: Avoid execve() when measuring test coverage Revert "manpages: Document the new details of --nofilesystem behaviour." Revert "Make --nofilesystem=host/home remove access to subdirs of those" run, override: Clarify the effect of --nofilesystem test-override: Assert pre-1.12.3 behaviour of --nofilesystem=home, host test-override: Assert that --nofilesystem with suffix yields a warning context: Introduce new --nofilesystem=host:reset test-exports: Exercise host:reset and related filesystem tokens test-context: Exercise some corner cases for merging filesystems test-override: Exercise --nofilesystem=host:reset autogen.sh: Use command -v to check whether commands exist triggers: Quote more defensively triggers: Use command -v in preference to which tests: Use type -P in preference to which tests/try-syscall.c: Add a note about keeping this in sync with bubblewrap NEWS: Correct release date for 1.12.4 Update changelog for 1.13.x so far run: Avoid cast warning when built with -Wwrite-strings run: Improve const-correctness of Xauth code run: Avoid signed/unsigned comparison in Xauth handling run: Factor out parsing X11 displays into a helper function run: Treat DISPLAY=unix:42 the same as :42 run: Support parsing non-local X11 addresses run: Handle X11 over local abstract or TCP sockets run: Allow remapping Xauthority entries for remote or forwarded X11 run: Interpret tcp: addresses for PulseAudio dir: Pass cancellable through to remote EnsureRepo call dir: Factor out common code to call EnsureRepo on system helper dir: Factor out function to open the libostree repository dir: Use system helper to create system repo if necessary dir: Avoid polkit prompts for EnsureRepo in most CLI commands dir: Include repo path in error message if unable to create it app: Make ALL_DIRS and STANDARD_DIRS imply OPTIONAL_REPO NEWS: Improve release notes for 1.13.x Use HEAD rather than a specific branch name in a link Require bubblewrap 0.5.0 if using a system copy run: Create sandbox's XDG_RUNTIME_DIR with 0700 permissions run: Consistently create /.flatpak-info with mode 0600 Update NEWS test-history: Skip test if we cannot read from the Journal Update libglnx subproject Update bubblewrap subproject to v0.6.1 tests: Don't install tap-driver.sh in the installed-tests doc: have-kernel-module-* was added in 1.13.1 dir: Consistently use relative paths for libostree subpaths NEWS: Update for 1.13.2 so far Prepare v1.13.2 Update localization files for release build: Consistently include libglnx header as "libglnx.h" common: Decouple flatpak-context-private.h from xdg-dbus-proxy .gitignore: Be more specific about what we ignore utils: Put an Auto prefix on locally-defined autoptr cleanups selinux: Factor out build steps into a script icon-validator: Don't make flatpak_get_bwrap() extern tests: Wrap EXTRA_DIST, one file per line tests/update-test-matrix: Move into a standalone script tests: Factor out generation of test runtime into a script test-history: Make it easier to debug on failure tests: Redirect stdout to stderr for flatpak_installation_launch tests: Avoid printing arbitrary text to stdout libtest.sh: Optionally be more careful what we print on stdout workflows: Remove a TODO workflows: Move gtk-doc enablement from clang to valgrind build workflows: Explicitly enable/disable GObject-Introspection workflows: Run distcheck workflows: Use team-maintained Flatpak PPA for ostree dependency workflows: Take libostree from PPA instead of building it from scratch Update libglnx submodule Update bubblewrap subproject to v0.6.2 Update xdg-dbus-proxy submodule to 0.1.4 try-syscall: Use compiler-predefined macros to detect mips ABI try-syscall: Cope with old glibc without PR_SET_CHILD_SUBREAPER defined run: Preserve X11 display number instead of redirecting it to :99 enter: Don't overwrite the DISPLAY exports: Add logging at a finer granularity revokefs: Use FUSE version 3 if possible tests: Add valgrind suppression for ostreedev/ostree#2592 workflows: Build with FUSE 3 on Ubuntu 22.04 TheEvilSkeleton (3): Switch to GitHub forms po: Add French translation Add more translations and add last translator Will Thompson (4): run: Support PulseAudio socket path without unix: prefix run: Add link to PulseAudio server string documentation run: Document shortcomings of PulseAudio server string parsing build-init: Write .gitignore in build dir Yuri Chornoivan (6): po: Update Ukrainian translation Update Ukrainian translation Update Ukrainian translation Update Ukrainian translation Update Ukrainian translation Update Ukrainian translation dundunplus (1): Updated Chinese translation (#4993) gasinvein (1): build-init: Use SDK arch for SDK extensions... gostsdmitry (1): Add Hindi translation lumingzh (3): Update LINGUAS Add zh_CN.po Update Chinese translation yakusha (1): Update Turkish translation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While trying to port Flatpak to FUSE 3 (flatpak/flatpak#4326), I needed to upgrade the version of libostree used to build it in CI from 2020.8 to a version that uses FUSE 3, and tried upgrading to 2022.2. The build that is using FUSE 3 happens to be the one that also runs the tests under valgrind.
Having done so, several tests fail like this:
This appears to be triggered by the change in c987534 "repo/private: allow committing/aborting through a transaction guard", which allocates a new sub-transaction "the hard way" instead of going through the
_ostree_repo_auto_transaction_start()
API:c987534 was actually correct (although it was a bit of a layering violation) because at the time of that change, transactions were not refcounted. However, 8a9737a "repo/private: move OstreeRepoAutoTransaction to a boxed type" subsequently made it refcounted, at which point the direct use in
ostree_repo_prepare_transaction()
is leavingtxn->atomic_refcount
uninitialized.I think in practice this means the intended transaction-abort is usually not happening, because the uninitialized refcount is unlikely to come out as exactly 1?
cc @lucab
The text was updated successfully, but these errors were encountered: