Package: python3-apt
Version: 2.7.2
Severity: serious
X-Debbugs-Cc: stu...@debian.org

Dear Maintainer,

With the upgrade to python3-apt 2.7.2, CI for python-debian started
failing for both python3.11 and python3.12. The particular test where
the segfault is found feeds apt_pkg.TagFile data that contains comments
in the form permitted by Policy for source package control files.

https://salsa.debian.org/stuart/python-debian/-/blob/master/tests/test_deb822.py?ref_type=heads#L1279

Previous versions raised apt_pkg.Error for erroneous data.

The key feature of the data that is causing the segfault is the
inclusion of a comment in a multiline field.

While users of python-debian's deb822 wrappers are encouraged to not use
apt_pkg.TagFile for anything other than archive-generated files such as
the Sources and Packages files, there are legacy users and
out-of-archive users that could be doing so. Unparsable data should also
not segfault the interpreter but generate an exception.

regards
Stuart


Steps to reproduce (output below are for git HEAD with a slightly
rearranged directory structure; current version in sid does the same):

$ debcheckout python-debian
$ cd python-debian
$ python3.11 -m pytest -k test_iter_paragraphs_comments_use_apt_pkg
============================================== test session starts ==============================================
platform linux -- Python 3.11.7, pytest-7.4.3, pluggy-1.3.0 -- /usr/bin/python3.11
cachedir: .pytest_cache
rootdir: /tmp/pkgs/python-debian
configfile: pyproject.toml
testpaths: src, tests
plugins: cov-4.1.0
collected 295 items / 294 deselected / 1 selected

tests/test_deb822.py::TestDeb822::test_iter_paragraphs_comments_use_apt_pkg 
Fatal Python error: Segmentation fault

Current thread 0x00007f97ca55a040 (most recent call first):
File "/tmp/pkgs/python-debian/src/debian/deb822.py", line 740 in iter_paragraphs
File "/tmp/pkgs/python-debian/tests/test_deb822.py", line 1297 in test_iter_paragraphs_comments_use_apt_pkg
File "/usr/lib/python3/dist-packages/_pytest/python.py", line 194 in pytest_pyfunc_call
File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 77 in _multicall
File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 115 in _hookexec
File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 493 in __call__
File "/usr/lib/python3/dist-packages/_pytest/python.py", line 1792 in runtest
File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 169 in pytest_runtest_call
File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 77 in _multicall
File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 115 in _hookexec
File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 493 in __call__
File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 262 in <lambda>
File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 341 in from_call
File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 261 in call_runtest_hook
File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 222 in call_and_report
File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 133 in runtestprotocol
File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 114 in pytest_runtest_protocol
File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 77 in _multicall
File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 115 in _hookexec
File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 493 in __call__
File "/usr/lib/python3/dist-packages/_pytest/main.py", line 350 in pytest_runtestloop
File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 77 in _multicall
File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 115 in _hookexec
File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 493 in __call__
File "/usr/lib/python3/dist-packages/_pytest/main.py", line 325 in _main
File "/usr/lib/python3/dist-packages/_pytest/main.py", line 271 in wrap_session
File "/usr/lib/python3/dist-packages/_pytest/main.py", line 318 in pytest_cmdline_main
File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 77 in _multicall
File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 115 in _hookexec
File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 493 in __call__
File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 169 in main
File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 192 in console_main
File "/usr/lib/python3/dist-packages/pytest/__main__.py", line 5 in <module>
File "<frozen runpy>", line 88 in _run_code
File "<frozen runpy>", line 198 in _run_module_as_main


Or a minimal example directly with apt_pkg:
$ echo "Source: foo
Build-Depends: debhelper,
# quux,
 python" > data
$ python3 -c "import apt_pkg; [p for p in apt_pkg.TagFile(open('data', 'rt'))]"
Segmentation fault (core dumped)
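
A pure-Python pre-check for the condition the report identifies (a comment line inside a multiline field), added here as an example; it is not part of the original report, python-debian or python-apt. The function names are hypothetical, the sample is the report's minimal data, and the code never calls apt_pkg, so it makes no claim about which inputs a given python3-apt version handles.

```python
"""Flag or remove '#' comment lines in deb822 text before a native parser sees it."""

# The minimal data from the report: a comment between two lines of Build-Depends.
SAMPLE = "Source: foo\nBuild-Depends: debhelper,\n# quux,\n python\n"


def comments_inside_fields(text):
    """Return (line_number, line) for each comment that interrupts a field.

    A comment interrupts a field when the next non-comment line is a
    continuation line (starts with space or tab) of a field already open.
    """
    hits = []
    pending = []       # comment lines seen since the last non-comment line
    in_field = False   # True after a "Name: value" line or a continuation line
    for number, line in enumerate(text.splitlines(), start=1):
        if line.startswith("#"):          # comments start in column 0 only
            pending.append((number, line))
            continue
        is_continuation = line[:1] in (" ", "\t") and line.strip() != ""
        if is_continuation and in_field:
            hits.extend(pending)          # these comments sat inside the field
        pending = []
        # A blank line ends the paragraph and therefore any open field.
        in_field = line.strip() != "" and (is_continuation or ":" in line)
    return hits


def strip_comments(text):
    """Drop every comment line and keep all other lines byte-for-byte."""
    kept = [l for l in text.splitlines(keepends=True) if not l.startswith("#")]
    return "".join(kept)


if __name__ == "__main__":
    for number, line in comments_inside_fields(SAMPLE):
        print(f"line {number}: comment inside a multiline field: {line!r}")
    print(strip_comments(SAMPLE), end="")
```

A caller handling out-of-archive control files can reject input for which `comments_inside_fields` returns anything, or pass the output of `strip_comments` onward instead of the raw text.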
