VMiklos wrote:
hi
http://frugalware.org/~vmiklos/patches/libpacman-proposed/trans_double_free....
trans->packages is only a list of package _pointers_ so using FREELISTPKGS() on it will cause a double free(). use FREELISTPTR instead
how to reproduce this bug:
$ sudo pacman -Rs k9copy --noconfirm
checking dependencies... done.
Targets: k9copy toolame
removing k9copy... done.
removing toolame... done.
*** glibc detected *** double free or corruption (!prev): 0x0824eea0 ***
udv / greetings, VMiklos
Basically, trans->packages is really a list of packages, and not a list of pointers to packages. As a consequence, it must be freed by using FREELISTPKGS. See add_loadtarget() or remove_loadtarget(): data are built from scratch and copied into that list.

FYI, it is needed for a transaction to hold its own set of data. During the transaction life, the package cache can change, and thus, it is tricky to rely on it by simply using pointers.

IMO, the double free fault comes from somewhere else. Is it only occurring when using the "-s" flag? Does running "sudo pacman -R --noconfirm k9copy toolame" trigger the fault?

-- Aurelien
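The thread turns on whether trans->packages owns its elements or only points at entries owned elsewhere, since that decides which free routine is correct. The following C example is added here and is not libpacman code: pkg_t, node_t, free_list_owned() and free_list_borrowed() are hypothetical stand-ins for the roles the messages give to FREELISTPKGS and FREELISTPTR, and the package names are constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; not libpacman's types, macros or functions. */
typedef struct pkg { char name[32]; } pkg_t;
typedef struct node { pkg_t *data; struct node *next; } node_t;
static int pkg_frees; /* number of pkg_t objects released so far */

static pkg_t *pkg_new(const char *name) {
    pkg_t *p = calloc(1, sizeof *p);
    if (!p) abort();
    snprintf(p->name, sizeof p->name, "%s", name);
    return p;
}
static node_t *list_add(node_t *head, pkg_t *p) {
    node_t *n = malloc(sizeof *n);
    if (!n) abort();
    n->data = p; n->next = head;
    return n;
}
/* Owning list: release every element, then its node. */
static void free_list_owned(node_t *l) {
    while (l) { node_t *nx = l->next; free(l->data); pkg_frees++; free(l); l = nx; }
}
/* Borrowing list: release nodes only; the elements belong to another list. */
static void free_list_borrowed(node_t *l) {
    while (l) { node_t *nx = l->next; free(l); l = nx; }
}
static node_t *make_cache(void) { /* constructed sample data */
    return list_add(list_add(NULL, pkg_new("k9copy")), pkg_new("toolame"));
}
/* Model A: the transaction copies each target, so both lists own their data. */
int run_copy_model(void) {
    node_t *cache = make_cache(), *trans = NULL;
    pkg_frees = 0;
    for (node_t *i = cache; i; i = i->next)
        trans = list_add(trans, pkg_new(i->data->name));
    free_list_owned(trans);
    free_list_owned(cache);
    return pkg_frees; /* 4: two copies and two originals, each freed once */
}
/* Model B: the transaction stores cache pointers, so only the cache owns them. */
int run_borrow_model(void) {
    node_t *cache = make_cache(), *trans = NULL;
    pkg_frees = 0;
    for (node_t *i = cache; i; i = i->next) trans = list_add(trans, i->data);
    free_list_borrowed(trans);
    free_list_owned(cache);
    return pkg_frees; /* 2: each cache entry freed exactly once */
}
int main(void) { printf("%d %d\n", run_copy_model(), run_borrow_model()); return 0; }
```

Pairing the owning free with a borrowed list releases each package twice, while pairing the borrowing free with a list of copies leaks them, so the fix depends on how the list was populated.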