Bug#982716: [Aptitude-devel] Bug#982716: Bug#982716: aptitude: FTBFS: tests failed
Hi David, David Kalnischkies wrote: > On Sat, Feb 13, 2021 at 06:11:03PM +0100, Lucas Nussbaum wrote: > > Relevant part (hopefully): > […] > > > FAIL: cppunit_test > […] > | aptitude_resolver.cc:680 ERROR - Invalid hint "-143 aptitude <4.3.0": the > action "-143" should be "approve", "reject", or a number. […] > So I guess what is intended here is more like: > | char * endptr; > | errno = 0; > | auto score_tweaks = strtol(action.c_str(), , 10); > | if (errno != 0 || *endptr != '\0') I applied the following patch locally: --- a/src/generic/apt/aptitude_resolver.cc +++ b/src/generic/apt/aptitude_resolver.cc @@ -673,7 +673,10 @@ else { unsigned long score_tweak = 0; - if(!StrToNum(action.c_str(), score_tweak, action.size())) + char * endptr; + errno = 0; + auto score_tweaks = strtol(action.c_str(), , 10); + if (errno != 0 || *endptr != '\0') { // TRANSLATORS: actions ("approve", etc.) are keywords and should // not be translated The initially failing test indeed seems fixed, but now another test fails: Test Results: Run: 199 Failures: 1 Errors: 0 1) test: ResolverHintsTest::testHintParse (F) line: 147 ../../tests/test_resolver_hints.cc assertion failed - Expression: h == t.h - Checking 40 g++: tweak 0 ?exact-name("g++") installed == tweak 40 ?exact-name("g++") installed Currently trying to understand why. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#982716: [Aptitude-devel] Bug#982716: Bug#982716: aptitude: FTBFS: tests failed
Hi David, you were quicker. Thanks! :-) David Kalnischkies wrote: > On Sat, Feb 13, 2021 at 06:11:03PM +0100, Lucas Nussbaum wrote: > > Relevant part (hopefully): > […] > > > FAIL: cppunit_test > […] > | aptitude_resolver.cc:680 ERROR - Invalid hint "-143 aptitude <4.3.0": the > action "-143" should be "approve", "reject", or a number. Yep, also found this to be the failing test and suspected apt 2.1.19/2.1.20 as the culprit. Especially "Forbid negative values in unsigned StrToNum explicitly" of 2.1.19 looked suspiciously related. ;-) > The test uses aptitude_resolver::hint::parse in > src/generic/apt/aptitude_resolver.cc > which in line 676 uses StrToNum to parse the hint which fails with > apt >= 2.1.19 as StrToNum is refusing to parse negative numbers now. > > The data type of StrToNum is unsigned and using strtoull internally > which works on an unsigned long long (ull), too, but defines that > for negative numbers "the negation of the result of the conversion" is > returned… which tends to be unexpected (Negative numbers played a minor > role in e.g. CVE-2020-27350 for example). […] > So I guess what is intended here is more like: > | char * endptr; > | errno = 0; > | auto score_tweaks = strtol(action.c_str(), , 10); > | if (errno != 0 || *endptr != '\0') Will test, thanks! > Note that I have not checked my hypotheses. (The code samples are also > typed in my mail client, so I have probably included some typos letting > them not even compile.) I'm glad about your reply definitely. > Sorry for this breaking change this late in the cycle! Apology accepted. :-) > If its any consolation I am also angry that I not only not managed > to finish the fuzzing project in time, but also not managed to > salvage the more useful bit in a more timely fashion either. Actually, when I read that changelog summary, I just thought "Wow!" So please please keep on that work! Better late than never! :-) Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE