Bug#982716: [Aptitude-devel] Bug#982716: Bug#982716: aptitude: FTBFS: tests failed
Hi David,
David Kalnischkies wrote:
> On Sat, Feb 13, 2021 at 06:11:03PM +0100, Lucas Nussbaum wrote:
> > Relevant part (hopefully):
> […]
> > > FAIL: cppunit_test
> […]
> | aptitude_resolver.cc:680 ERROR - Invalid hint "-143 aptitude <4.3.0": the
> action "-143" should be "approve", "reject", or a number.
[…]
> So I guess what is intended here is more like:
> | char * endptr;
> | errno = 0;
> | auto score_tweaks = strtol(action.c_str(), , 10);
> | if (errno != 0 || *endptr != '\0')
I applied the following patch locally:
--- a/src/generic/apt/aptitude_resolver.cc
+++ b/src/generic/apt/aptitude_resolver.cc
@@ -673,7 +673,10 @@
else
{
unsigned long score_tweak = 0;
- if(!StrToNum(action.c_str(), score_tweak, action.size()))
+ char * endptr;
+ errno = 0;
+ auto score_tweaks = strtol(action.c_str(), , 10);
+ if (errno != 0 || *endptr != '\0')
{
// TRANSLATORS: actions ("approve", etc.) are keywords and should
// not be translated
The initially failing test indeed seems fixed, but now another test
fails:
Test Results:
Run: 199 Failures: 1 Errors: 0
1) test: ResolverHintsTest::testHintParse (F) line: 147
../../tests/test_resolver_hints.cc
assertion failed
- Expression: h == t.h
- Checking 40 g++: tweak 0 ?exact-name("g++") installed == tweak 40
?exact-name("g++") installed
Currently trying to understand why.
Regards, Axel
--
,''`. | Axel Beckert , https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#982716: [Aptitude-devel] Bug#982716: Bug#982716: aptitude: FTBFS: tests failed
Hi David, you were quicker. Thanks! :-) David Kalnischkies wrote: > On Sat, Feb 13, 2021 at 06:11:03PM +0100, Lucas Nussbaum wrote: > > Relevant part (hopefully): > […] > > > FAIL: cppunit_test > […] > | aptitude_resolver.cc:680 ERROR - Invalid hint "-143 aptitude <4.3.0": the > action "-143" should be "approve", "reject", or a number. Yep, also found this to be the failing test and suspected apt 2.1.19/2.1.20 as the culprit. Especially "Forbid negative values in unsigned StrToNum explicitly" of 2.1.19 looked suspiciously related. ;-) > The test uses aptitude_resolver::hint::parse in > src/generic/apt/aptitude_resolver.cc > which in line 676 uses StrToNum to parse the hint which fails with > apt >= 2.1.19 as StrToNum is refusing to parse negative numbers now. > > The data type of StrToNum is unsigned and using strtoull internally > which works on an unsigned long long (ull), too, but defines that > for negative numbers "the negation of the result of the conversion" is > returned… which tends to be unexpected (Negative numbers played a minor > role in e.g. CVE-2020-27350 for example). […] > So I guess what is intended here is more like: > | char * endptr; > | errno = 0; > | auto score_tweaks = strtol(action.c_str(), , 10); > | if (errno != 0 || *endptr != '\0') Will test, thanks! > Note that I have not checked my hypotheses. (The code samples are also > typed in my mail client, so I have probably included some typos letting > them not even compile.) I'm glad about your reply definitely. > Sorry for this breaking change this late in the cycle! Apology accepted. :-) > If its any consolation I am also angry that I not only not managed > to finish the fuzzing project in time, but also not managed to > salvage the more useful bit in a more timely fashion either. Actually, when I read that changelog summary, I just thought "Wow!" So please please keep on that work! Better late than never! :-) Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
