Dangling reference from packages added to a transaction
If a loaded (`alpm_pkg_load`) package is added to a transaction and then the transaction is released, the package will be freed by the transaction. The current wrapper of `alpm_add_pkg` avoids a potential double-free from this by clearing the `needs_free` flag. This is, however, not enough to avoid the dangling reference issue. If the package object is still live and being used after the transaction is released, the code would crash. This is demonstrated by the following code. Run this with the path to any package file as the argument.
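```python
import pyalpm
import os
import sys

# Build a throwaway pacman root under the current directory.
testdir = os.getcwd()
dbpath = os.path.join(testdir, 'var/lib/pacman/')
cachepath = os.path.join(testdir, 'var/cache/pacman/pkg/')
os.makedirs(dbpath, exist_ok=True)      # exist_ok so the script can be re-run
os.makedirs(cachepath, exist_ok=True)

hdl = pyalpm.Handle(testdir, dbpath)
hdl.cachedirs = [cachepath]
trans = hdl.init_transaction()

pkg = hdl.load_pkg(sys.argv[1])   # package loaded from the file given as argument
print(pkg)
trans.add_pkg(pkg)                # the transaction takes ownership of the package
print(pkg)
trans.release()                   # releasing the transaction frees the package
del trans
print(pkg)                        # pkg now refers to freed memory: crash
```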
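One way a binding can close this gap, shown as an added example that is not pyalpm or libalpm code: the transaction remembers every wrapper it took a package from and invalidates it on release, so later accesses fail cleanly instead of touching freed memory. All type and function names here are hypothetical, and the model assumes each wrapper outlives the transaction it was added to (a real binding would hold a reference to guarantee that).

```c
/* Simplified ownership model; all names are hypothetical, not pyalpm or libalpm code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_PKGS 8

typedef struct { char name[64]; } pkg_t;                     /* the C package object */
typedef struct { pkg_t *c_data; int needs_free; } wrapper_t; /* the binding's wrapper */
typedef struct { wrapper_t *added[MAX_PKGS]; int count; } trans_t;

wrapper_t *wrapper_load(const char *name) {
    wrapper_t *w = malloc(sizeof *w);
    pkg_t *p = calloc(1, sizeof *p);
    if (!w || !p) { free(w); free(p); return NULL; }
    strncpy(p->name, name, sizeof p->name - 1);
    w->c_data = p;
    w->needs_free = 1;   /* the wrapper owns the package until a transaction takes it */
    return w;
}

int trans_add(trans_t *t, wrapper_t *w) {
    if (!w->c_data || t->count == MAX_PKGS) return -1;
    w->needs_free = 0;          /* ownership moves to the transaction: no double free */
    t->added[t->count++] = w;   /* remember the wrapper so release can invalidate it */
    return 0;
}

void trans_release(trans_t *t) {
    for (int i = 0; i < t->count; i++) {
        free(t->added[i]->c_data);
        t->added[i]->c_data = NULL;   /* invalidate rather than leave a dangling pointer */
    }
    t->count = 0;
}

/* Accessors check validity; a Python binding would raise an exception on NULL. */
const char *wrapper_name(const wrapper_t *w) { return w->c_data ? w->c_data->name : NULL; }
void wrapper_destroy(wrapper_t *w) { if (w->needs_free) free(w->c_data); free(w); }

int main(void) {
    trans_t t = {0};
    wrapper_t *w = wrapper_load("example-pkg");   /* constructed sample name */
    if (!w || trans_add(&t, w) != 0) return 1;
    trans_release(&t);
    printf("valid after release: %s\n", wrapper_name(w) ? "yes" : "no");
    wrapper_destroy(w);
    return 0;
}
```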