Occasional SEGFAULT in DataExtractor::processPackage #83

Cogitri · 2020-06-28T19:14:53Z

The SEGFAULT seems to happen when validating the appdata file of the d-feet package, see here for the archive that contains that package: https://alpine.global.ssl.fastly.net/alpine/edge/main/x86_64/d-feet-0.3.15-r2.apk

I tried making a minimal reproducer&unittest for this, but unfortunately I'm not really sure how to do that since the DataExtractor needs quite a bit of state for initialisation.

Here's the full backtrace:

#0  0x00007f952818b7fe in printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7f752230ddd0, nl_arg=nl_arg@entry=0x7f752230de60, nl_type=nl_type@entry=0x7f752230dde8) at src/stdio/vfprintf.c:454
454	src/stdio/vfprintf.c: No such file or directory.
[Current thread is 1 (LWP 1623)]
(gdb) bt full
#0  0x00007f952818b7fe in printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7f752230ddd0, nl_arg=nl_arg@entry=0x7f752230de60, nl_type=nl_type@entry=0x7f752230dde8) at src/stdio/vfprintf.c:454
        a = <optimized out>
        z = <optimized out>
        s = 0x0
        l10n = 0
        fl = <optimized out>
        w = <optimized out>
        p = <optimized out>
        xp = <optimized out>
        arg = {i = 140278592504501, f = 5.11343459730539455753e-4937, p = 0x7f9527ad02b5}
        argpos = <optimized out>
        st = <optimized out>
        ps = <optimized out>
        cnt = <optimized out>
        l = 0
        i = <optimized out>
        buf = "U\000\000+\336\060\"u\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000\305\365\325'\225\177\000"
        prefix = <optimized out>
        t = <optimized out>
        pl = <optimized out>
        wc = L"\000"
        ws = <optimized out>
        mb = "\225\177\000"
#1  0x00007f952818c170 in vfprintf (f=f@entry=0x7f752230df58, fmt=fmt@entry=0x0, ap=<optimized out>) at src/stdio/vfprintf.c:668
        ap2 = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7f752230e210, reg_save_area = 0x7f752230e120}}
        nl_type = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
        nl_arg = 
            {{i = 94086934475536, f = <invalid float value>, p = 0x5592524eb310}, {i = 0, f = <invalid float value>, p = 0x0}, {i = 0, f = 0, p = 0x0}, {i = 0, f = 0, p = 0x0}, {i = 0, f = 0, p = 0x0}, {i = 0, f = 0, p = 0x0}, {i = 0, f = 0, p = 0x0}, {i = 140278599573902, f = 5.11343485499916671642e-4937, p = 0x7f952818e18e <sn_write>}, {i = 140141061529206, f = 5.10842131883774781573e-4937, p = 0x7f752230de76}, {i = 0, f = 0, p = 0x0}}
        internal_buf = '\000' <repeats 16 times>, "summary (lang=bs))R)in)\000\360\337\060\"u\177\000\000\n\000\000\000\000\000\000\000\020\340\060\"u\177\000\000\vҬ'\225\177\000\000\001\000\000\000\000\000\000"
        saved_buf = 0x0
        olderr = <optimized out>
        ret = <optimized out>
        __need_unlock = <optimized out>
#2  0x00007f952818e2ba in vsnprintf (s=s@entry=0x0, n=n@entry=0, fmt=fmt@entry=0x0, ap=ap@entry=0x7f752230e058) at src/stdio/vsnprintf.c:54
        buf = ""
        dummy = ""
        c = {s = 0x7f752230df47 "", n = 0}
        f = 
          {flags = 0, rpos = 0x0, rend = 0x0, close = 0x0, wend = 0x0, wpos = 0x0, mustbezero_1 = 0x0, wbase = 0x0, read = 0x0, write = 0x7f952818e18e <sn_write>, seek = 0x0, buf = 0x7f752230df46 "", buf_size = 0, prev = 0x0, next = 0x0, fd = 0, pipe_pid = 0, lockcount = 0, mode = 0, lock = -1, lbf = -1, cookie = 0x7f752230df48, off = 0, getln_buf = 0x0, mustbezero_2 = 0x0, shend = 0x0, shlim = 0, shcnt = 0, prev_locked = 0x0, next_locked = 0x0, locale = 0x0}
#3  0x00007f952818a946 in vasprintf (s=s@entry=0x7f752230e0c0, fmt=fmt@entry=0x0, ap=ap@entry=0x7f752230e100) at src/stdio/vasprintf.c:10
        ap2 = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7f752230e210, reg_save_area = 0x7f752230e120}}
        l = <optimized out>
#4  0x00007f9527d60867 in g_vasprintf (string=string@entry=0x7f752230e0c0, format=format@entry=0x0, args=args@entry=0x7f752230e100) at ../glib/gprintf.c:337
        len = <optimized out>
        __func__ = "g_vasprintf"
#5  0x00007f9527d4186b in g_strdup_vprintf (format=format@entry=0x0, args=args@entry=0x7f752230e100) at ../glib/gstrfuncs.c:518
        string = 0x0
#6  0x00007f9527ac1f5b in as_validator_add_issue (validator=validator@entry=0x5592524f9f40 [AsValidator], node=node@entry=0x5592525aaa40, tag=tag@entry=0x7f9527ad0a87 "screenshot-no-caption", format=format@entry=0x0)
    at ../src/as-validator.c:162
        priv = 0x5592524f9f00
        args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7f752230e210, reg_save_area = 0x7f752230e120}}
        buffer = 0x0
--Type <RET> for more, q to quit, c to continue without paging--c
        tag_final = 0x559252540d80 "screenshot-no-caption"
        explanation = 0x7f9527ad21c7 "The screenshot does not have a caption text. Consider adding one."
        severity = AS_ISSUE_SEVERITY_PEDANTIC
        location = 0x0
        issue = <optimized out>
        id_str = <optimized out>
        tag_data = <optimized out>
#7  0x00007f9527ac432e in as_validator_check_screenshots (node=0x5592525aa9a0, cpt=0x5592524eb310 [AsComponent], validator=0x5592524f9f40 [AsValidator]) at ../src/as-validator.c:1038
        caption_found = 0
        default_screenshot = 1
        iter2 = 0x0
        image_found = 1
        video_found = 0
        scr_kind_str = 0x559252540e60 "default"
        iter = 0x5592525aaa40
        node_name = 0x5592524f5bad "screenshots"
        node_content = 0x559252540de0 "https://git.gnome.org/browse/d-feet/plain/data/screenshots/d-feet-overview.png"
        tag_valid = 1
        can_be_empty = 0
        iter = 0x5592525aa9a0
        cpt = 0x5592524eb310 [AsComponent]
        cpttype = 0x559252540f40 "desktop"
        found_tags = 0x559252550460
        mode = AS_FORMAT_STYLE_METAINFO
        has_metadata_license = 1
#8  as_validator_validate_component_node (validator=validator@entry=0x5592524f9f40 [AsValidator], ctx=ctx@entry=0x559252550440 [AsContext], root=root@entry=0x559252719fa0) at ../src/as-validator.c:1427
        node_name = 0x5592524f5bad "screenshots"
        node_content = 0x559252540de0 "https://git.gnome.org/browse/d-feet/plain/data/screenshots/d-feet-overview.png"
        tag_valid = 1
        can_be_empty = 0
        iter = 0x5592525aa9a0
        cpt = 0x5592524eb310 [AsComponent]
        cpttype = 0x559252540f40 "desktop"
        found_tags = 0x559252550460
        mode = AS_FORMAT_STYLE_METAINFO
        has_metadata_license = 1
#9  0x00007f9527ac51d9 in as_validator_validate_data (validator=0x5592524f9f40 [AsValidator], metadata=<optimized out>) at ../src/as-validator.c:1814
        ret = 1
        root = 0x559252719fa0
        doc = 0x559252595a20
        ctx = 0x559252550440
        cpt = <optimized out>
#10 0x00005592500be57c in _D9appstream9ValidatorQk12validateDataMFAyaZb (this=0x7f751fb6b7e0, metadata=...) at Validator.d:198
#11 0x0000559250044466 in _D5asgen8handlers17metainfovalidator20validateMetaInfoFileFCQCg6result15GeneratorResultC9appstream9ComponentQkAyaQdZv
res=0x7f751fd35f20,
cpt=0x7f751fc481e0,
data=...,
miBasename=...) at metainfovalidator.d:49
        issueList = 0x2f
#12 0x000055924ffc74b4 in _D5asgen9extractor13DataExtractor14processPackageMFCQBy8backends10interfaces7PackageZCQDg6result15GeneratorResult at extractor.d:192
        mfname = @0x7f751fc96bc0: {length = 47, ptr = 0x7f752370c4c0 "/usr/share/metainfo/org.gnome.dfeet.appdata.xml"}
        dataBytes = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!-- Copyright 2013 Thomas Bechtold <thomasbechtold@jpberlin.de> -->\n<component type=\"desktop\">\n  <id>org.gnome.dfeet.desktop</id>\n  <metadata_license>CC0-1.0</m"...
        data = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!-- Copyright 2013 Thomas Bechtold <thomasbechtold@jpberlin.de> -->\n<component type=\"desktop\">\n  <id>org.gnome.dfeet.desktop</id>\n  <metadata_license>CC0-1.0</m"...
        cpt = 0x7f751fc481e0
        cid = "org.gnome.dfeet.desktop"
        launch = 0x0
        __r301 = {{length = 47, ptr = 0x7f752370c4c0 "/usr/share/metainfo/org.gnome.dfeet.appdata.xml"}}
        __key302 = 0
        hasFontComponent = false
        metadataFiles = {{length = 47, ptr = 0x7f752370c4c0 "/usr/share/metainfo/org.gnome.dfeet.appdata.xml"}}
        mdata = {Scoped_store = "\240\226\fP\222U\000\000\000\000\000\000\000\000\000\000\200\352\005R\222U", '\000' <repeats 18 times>, "\200\352\005R\222U\000\000\200\334o#\002\000\000\000\000\000\000\000\000\000\000"}
        cpt = 0x0
        data = {_data = 0x18}
        gres = 0x7f751fd35f20
        desktopFiles = {_buckets = {length = 32, ptr = 0x5592524eaa60}, _buckets_num = 32, _mask = 31, _allocated = 0, _deleted = 0, _empty = 32, _grow_factor = 4}
#13 0x000055924ff9603d in _D5asgen6engine6Engine15processPackagesMFKACQBq8backends10interfaces7PackageCQCx8handlers11iconhandler11IconHandlerZ14__foreachbody3MFKQDoZi (pkg=@0x7f75241b6a58: 0x7f7523972600) at engine.d:158
        pkid = "d-feet/0.3.15-r2/aarch64"
        res = 0x7f752230ecc0
        __sync842 = 0x7f752230ec70
        mde = 0x7f751fd1a720
        mde = 0x7f752230ecc0
        localeh = 0x55924ffa2eed <_D3std9algorithm10comparison__T3minTymTmZQkFNaNbNiNfymmZym+29>
#14 0x000055924ffa2d5e in _D3std11parallelism__T15ParallelForeachTAC5asgen8backends10interfaces7PackageZQCe7opApplyMFMDFKQCcZiZ4doItMFZv () at /usr/include/d/std/parallelism.d-mixin-4036:4082
        dg = {context = 0x7ffda6752110 "\200%g%\225\177", funcptr = 0x55924ff95fe0 <_D5asgen6engine6Engine15processPackagesMFKACQBq8backends10interfaces7PackageCQCx8handlers11iconhandler11IconHandlerZ14__foreachbody3MFKQDoZi>}
        i = 331
        __key858 = 331
        __limit859 = 456
        end = 456
        workUnitIndex = <optimized out>
        this = <optimized out>
        myUnitIndex = 2
        start = 304
        shouldContinue = true
        workUnitIndex = 72197872612243576
        len = 140727396142744
#15 0x00007f9526c41121 in _D3std11parallelism8TaskPool5doJobMFPSQBkQBj12AbstractTaskZv () at /usr/lib/libphobos2-ldc-shared.so.90
#16 0x00007f9526c412bb in std.parallelism.TaskPool.startWorkLoop() () at /usr/lib/libphobos2-ldc-shared.so.90
#17 0x00007f95268fc26c in thread_entryPoint () at /usr/lib/libdruntime-ldc-shared.so.90
#18 0x00007f95281927b7 in start (p=0x7f752230ee50) at src/thread/pthread_create.c:195
        args = 0x7f752230ee50
        state = <optimized out>
#19 0x00007f95281948f0 in __clone () at src/thread/x86_64/clone.s:22

The text was updated successfully, but these errors were encountered:

ximion · 2020-09-02T22:04:42Z

First of all, thank you for the complete backtrace! Can you still reproduce this issue? This issue is most likely in libappstream, but for some reason I can't reproduce it.
What's your version of AppStream? What's your version of GLib?

ximion · 2020-09-02T22:12:51Z

Try applying this patch to AppStream and reopen this bug report if that doesn't work. I am pretty confident in this patch though (but I do wonder why this issue hasn't been caught immediately - maybe due to different compiler optimizations).

Thank you for reporting this issue and sorry for getting at it with such a delay.

Cogitri mentioned this issue Sep 2, 2020

"Addon" archive support #15

Open

ximion closed this as completed in ximion/appstream@1109c84 Sep 2, 2020

Occasional SEGFAULT in DataExtractor::processPackage #83

Occasional SEGFAULT in DataExtractor::processPackage #83

Cogitri commented Jun 28, 2020

ximion commented Sep 2, 2020

ximion commented Sep 2, 2020

Occasional SEGFAULT in DataExtractor::processPackage #83

Occasional SEGFAULT in DataExtractor::processPackage #83

Comments

Cogitri commented Jun 28, 2020

ximion commented Sep 2, 2020

ximion commented Sep 2, 2020