[Aptitude-devel] Bug#982716: Bug#982716: Bug#982716: aptitude: FTBFS: tests failed

Axel Beckert abe at debian.org
Sat Feb 13 22:45:57 GMT 2021 

Hi David,

you were quicker. Thanks! :-)

David Kalnischkies wrote:
> On Sat, Feb 13, 2021 at 06:11:03PM +0100, Lucas Nussbaum wrote:
> > Relevant part (hopefully):
> […]
> > > FAIL: cppunit_test
> […]
> | aptitude_resolver.cc:680 ERROR - Invalid hint "-143 aptitude <4.3.0": the action "-143" should be "approve", "reject", or a number.

Yep, also found this to be the failing test and suspected apt
2.1.19/2.1.20 as the culprit. Especially "Forbid negative values in
unsigned StrToNum explicitly" of 2.1.19 looked suspiciously related.
;-)

> The test uses aptitude_resolver::hint::parse in src/generic/apt/aptitude_resolver.cc
> which in line 676 uses StrToNum to parse the hint which fails with
> apt >= 2.1.19 as StrToNum is refusing to parse negative numbers now.
> 
> The data type of StrToNum is unsigned and using strtoull internally
> which works on an unsigned long long (ull), too, but defines that
> for negative numbers "the negation of the result of the conversion" is
> returned… which tends to be unexpected (Negative numbers played a minor
> role in e.g. CVE-2020-27350 for example).
[…]
> So I guess what is intended here is more like:
> | char * endptr;
> | errno = 0;
> | auto score_tweaks = strtol(action.c_str(), &endptr, 10);
> | if (errno != 0 || *endptr != '\0')

Will test, thanks!

> Note that I have not checked my hypotheses. (The code samples are also
> typed in my mail client, so I have probably included some typos letting
> them not even compile.)

I'm glad about your reply definitely.

> Sorry for this breaking change this late in the cycle!

Apology accepted. :-)

> If its any consolation I am also angry that I not only not managed
> to finish the fuzzing project in time, but also not managed to
> salvage the more useful bit in a more timely fashion either.

Actually, when I read that changelog summary, I just thought "Wow!" So
please please keep on that work! Better late than never! :-)

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

More information about the Aptitude-devel mailing list