Bug#1066991: easy way to crash diffoscope

Holger Levsen holger at layer-acht.org
Sat Mar 16 16:53:45 GMT 2024 

On Sat, Mar 16, 2024 at 04:01:52PM +0000, Holger Levsen wrote:
> KeyError: './usr/share/gocode/src/github.com/stvp/tempredis/dump.rdx not found in archive'

which is true:

$ dpkg --contents p2/golang-github-stvp-tempredis-dev_0.0~git20231107.8a695b6-1_all.deb
drwxr-xr-x root/root         0 2023-11-20 11:47 ./
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/doc/
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/doc/golang-github-stvp-tempredis-dev/
-rw-r--r-- root/root       476 2023-11-20 11:47 ./usr/share/doc/golang-github-stvp-tempredis-dev/changelog.Debian.gz
-rw-r--r-- root/root      1413 2023-11-20 11:46 ./usr/share/doc/golang-github-stvp-tempredis-dev/copyright
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/gocode/
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/gocode/src/
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/gocode/src/github.com/
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/gocode/src/github.com/stvp/
drwxr-xr-x root/root         0 2023-11-20 11:47 ./usr/share/gocode/src/github.com/stvp/tempredis/
-rw-r--r-- root/root       165 2023-11-20 11:47 ./usr/share/gocode/src/github.com/stvp/tempredis/config.go
-rw-r--r-- root/root        89 2023-11-20 11:47 ./usr/share/gocode/src/github.com/stvp/tempredis/dump.rdb
-rw-r--r-- root/root       328 2023-11-20 11:47 ./usr/share/gocode/src/github.com/stvp/tempredis/example_test.go
-rw-r--r-- root/root      3752 2023-11-20 11:47 ./usr/share/gocode/src/github.com/stvp/tempredis/tempredis.go
-rw-r--r-- root/root      1134 2023-11-20 11:47 ./usr/share/gocode/src/github.com/stvp/tempredis/tempredis_test.go

The bug can be reproduced by just running diffoscope on the two .deb files,
so I have attached them too.


-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Stop saying that we are all in the same boat.
We’re all in the same storm. But we’re not all in the same boat.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1066991.tgz
Type: application/x-gtar-compressed
Size: 6922 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20240316/8e1b74ea/attachment.tgz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20240316/8e1b74ea/attachment.sig>

More information about the Reproducible-builds mailing list