On Thu, Jun 06, 2019 at 04:04:39PM +0200, Guillem Jover wrote: > Package: dctrl-tools > Version: 2.24-3 > Severity: serious > > Hi! > > The join-dctrl command segfaults with the attached files. > > ,--- > $ join-dctrl Packages-A Packages-B > Segmentation fault (core dumped)
Hi,
From what I think I see, I believe that this is less wrong behavior
and more lack of error detection and proper error messages.
The manual page states that some field joining options must be
specified - some combination of -j, -1, and -2. A command like:
join-dctrl -j Package Packages-A Packages-B
...produces some output for the aaa package that is common to
both files. I tried playing with -1 and -2, but I couldn't quite
find a combination that would produce a result and not segfault.
So I believe that the real bug here is lack of input checking and
not completely clear error messages (invoking join-dctrl as
"join-dctrl -1 Packages -2 Packages Packages-A Packages-B"
produces a somewhat cryptic "the join field of the second file has
already been specified" error message). I could try to look at
the code some more and try my hand at input sanitization in
the next couple of days.
G'luck,
Peter
--
Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} [email protected]
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
