Pkgin crashes on a corrupted pkg_summary.bz2 #86

Open
realzhtw opened this issue May 14, 2019 · 4 comments

realzhtw commented May 14, 2019

Pkgin crashes with SIGSEGV when fed a (presumably) corrupted pkg_summary.bz2.

```
a@nl1lxl-108875:~/repo$ uname -a
Linux nl1lxl-108875 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
a@nl1lxl-108875:~/repo$ ls -d ~/pkg/pkgdb/pkgin-*
/home/a/pkg/pkgdb/pkgin-0.11.7
a@nl1lxl-108875:~/repo$ cat ~/pkg/etc/pkgin/repositories.conf
file:///home/a/repo

a@nl1lxl-108875:~/repo$ gdb ~/pkg/bin/pkgin
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
...
(gdb) run install curl
Starting program: /home/a/pkg/bin/pkgin install curl
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
calculating dependencies...done.
warning: package curl-7.64.0 has an empty FILE_SIZE on repository.
warning: package libidn2>=2.0.0 has an empty FILE_SIZE on repository.
warning: package openssl>=1.0.2gnb1 has an empty FILE_SIZE on repository.
warning: package zlib>=1.2.3 has an empty FILE_SIZE on repository.
warning: package perl>=5.0 has an empty FILE_SIZE on repository.
warning: package libunistring>=0.9.4 has an empty FILE_SIZE on repository.

Program received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
62	../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb)
```

The pkg_summary is large. Instead of giving a link, I will create a minimal one and attach it in the comments shortly.

@realzhtw
Author

Here is a very minimalistic pkg_summary.bz2 that causes the crash:

```
a@nl1lxl-108875:~/repo$ bzcat pkg_summary.bz2
PKGNAME=libidn2-2.0.5
DEPENDS=libunistring>=0.9.4
COMMENT=Convert internationalized domain names to/from ASCII Encoding
SIZE_PKG=579464
BUILD_DATE=2019-05-13 10:35:43 +0200
CATEGORIES=devel
HOMEPAGE=https://www.gnu.org/software/libidn/
LICENSE=gnu-gpl-v2
MACHINE_ARCH=x86_64
OPSYS=Linux
OS_VERSION=4.15.0
PKGPATH=devel/libidn2
PKGTOOLS_VERSION=20091115
PROVIDES=/pkg/lib/libidn2.so
PROVIDES=/pkg/lib/libidn2.so.0
PROVIDES=/pkg/lib/libidn2.so.0.3.4
REQUIRES=/lib/x86_64-linux-gnu/libc.so.6
REQUIRES=/pkg/lib/libunistring.so.2
REQUIRES=/usr/lib/x86_64-linux-gnu/libidn2.so.0
DESCRIPTION=Libidn2 is a free software implementation of IDNA2008, Punycode and TR46
DESCRIPTION=in the form of a library. It contains functionality to convert
DESCRIPTION=internationalized domain names to and from ASCII Compatible Encoding
DESCRIPTION=(ACE), following the IDNA2008 and TR46 standards.
DESCRIPTION=
DESCRIPTION=The library is a rewrite of the popular but legacy libidn library, and
DESCRIPTION=is backwards (API) compatible with it.
DESCRIPTION=
DESCRIPTION=Homepage:
DESCRIPTION=https://www.gnu.org/software/libidn/

a@nl1lxl-108875:~/repo$
```

@realzhtw
Author

Here is the backtrace from unstripped pkgin:

```
Program received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
62	../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
#1  0x00007ffff6be19ae in __GI___strdup (s=0x0) at strdup.c:41
#2  0x0000555555563dc9 in xstrdup (str=<optimized out>) at external/xwrapper.c:97
#3  0x000055555555f5fc in order_install (impacthead=0x5555557b64a0, op=op@entry=4) at order.c:194
#4  0x000055555555d60d in pkgin_install (opkgargs=<optimized out>, do_inst=1) at actions.c:580
#5  0x000055555555984b in main (argc=2, argv=0x7fffffffdde0) at main.c:215
(gdb)
```

@jperkin
Contributor

jperkin commented Apr 17, 2020

Sorry I didn't get to see this earlier. Did you still hit this issue with newer releases? Looking at the code, this is happening with the pkgurl variable, which will depend on what you have set your repository to rather than anything in the pkg_summary (other than the PKGNAME), so it would be interesting to know what you were using.

In any case quite a lot of this code has changed since, so it would be interesting to know if you can still reproduce it with 0.15.

@jperkin jperkin self-assigned this Apr 17, 2020
@jperkin
Contributor

jperkin commented Apr 17, 2020

Oh I see the file:// URL now, never mind.
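
The backtrace in this thread ends in `strdup(s=0x0)`, and the run before it warns about records with an empty FILE_SIZE. As an added example (not pkgin's code and not written by anyone in this thread), the C below reads fields from a pkg_summary record so that an absent or empty value comes back to the caller as NULL instead of reaching `strdup()`. The function names, the `REQUIRED` list and the sample records are assumptions constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed samples (abridged from the issue; FILE_SIZE value is made up). */
const char SAMPLE_BAD[] = "PKGNAME=libidn2-2.0.5\nSIZE_PKG=579464\n";
const char SAMPLE_OK[] = "PKGNAME=libidn2-2.0.5\nFILE_SIZE=123456\n";
/* Assumption: this check treats these two fields as required. */
const char *const REQUIRED[] = { "PKGNAME", "FILE_SIZE" };

/* Find KEY=VALUE at the start of a line; NULL if absent or value empty. */
const char *summary_get(const char *rec, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    for (const char *p = rec; p != NULL && *p != '\0'; ) {
        const char *eol = strchr(p, '\n');
        size_t n = eol ? (size_t)(eol - p) : strlen(p);
        if (n > klen + 1 && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *len = n - klen - 1;
            return p + klen + 1;
        }
        p = eol ? eol + 1 : NULL;
    }
    return NULL;
}

/* Copy a field out of the record; NULL (never strdup(NULL)) when missing. */
char *summary_dup(const char *rec, const char *key)
{
    size_t len = 0;
    const char *v = summary_get(rec, key, &len);
    char *out = v ? malloc(len + 1) : NULL;
    if (out != NULL) {
        memcpy(out, v, len);
        out[len] = '\0';
    }
    return out;
}

/* Number of REQUIRED fields the record lacks; callers skip it if non-zero. */
int summary_missing(const char *rec)
{
    int missing = 0;
    size_t len;
    for (size_t i = 0; i < sizeof(REQUIRED) / sizeof(REQUIRED[0]); i++)
        if (summary_get(rec, REQUIRED[i], &len) == NULL)
            missing++;
    return missing;
}

int main(void) { return summary_missing(SAMPLE_BAD) == 1 ? 0 : 1; }
```

A caller that checks `summary_missing()` before planning an install can reject or skip the record with an error message rather than dereferencing a NULL field later.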
