Bug#1071219: apt: debListParser fails to parse arch lists with extraneous whitespace: terminate called after throwing an instance of 'std::length_error'
(This mail is only related to the quoted sidenote question) On Thu, May 16, 2024 at 02:11:41PM +0200, Andreas Beckmann wrote: > not sure if it is allowed to inject spaces between '!' and arch as in > ..." ppc64 ! mips64el ! s390x "... No, debian-policy §7.1 says "Exclamation marks may be prepended to each of the names." and said right before that "[…] names […] separated by whitespace". dpkg agrees on this: | LANG=C dpkg-checkbuilddeps -d 'foobar [! amd64]' /dev/null | dpkg-checkbuilddeps: error: '!' is not a legal architecture in list '! amd64' It does have interesting behaviour on another whitespace-related case which is forbidden by policy via "The brackets enclose a non-empty list": | LANG=C dpkg-checkbuilddeps -d 'foobar []' /dev/null | dpkg-checkbuilddeps: warning: can't parse dependency foobar [] | dpkg-checkbuilddeps: error: cannot parse Build-Depends/Build-Depends-Arch/Build-Depends-Indep field vs | LANG=C dpkg-checkbuilddeps -d 'foobar [ ]' /dev/null && echo 'OK' | OK (but undefined behaviour on bad input isn't too bad) As a sidenote, as you haven't started with a '!' that string is a policy violation due to "(It is not permitted for some names to be prepended with exclamation marks while others aren’t.)". dpkg and APT both parse such strings and do what might be meant by it through. Best regards David Kalnischkies signature.asc Description: PGP signature
Bug#1071219: apt: debListParser fails to parse arch lists with extraneous whitespace: terminate called after throwing an instance of 'std::length_error'
Control: severity -1 normal On Thu, May 16, 2024 at 02:11:41PM +0200, Andreas Beckmann wrote: > Package: apt > Version: 2.9.2 > Severity: serious > > one package to reproduce this bug is mpich 4.2.0-5.1 > > mpich-4.2.0# apt-get build-dep -y . > Note, using directory '.' to get the build dependencies > terminate called after throwing an instance of 'std::length_error' > what(): basic_string::_M_create > Aborted (core dumped) > > Running this through gdb and extracting the interesting part of the > backtrace: > > #11 0x77e28c6c in std::__cxx11::basic_string std::char_traits, std::allocator >::basic_string void> (__a=..., > __end=0x555baade " amd64 powerpc armhf],\n"..., > __beg=0x555baadf "amd64 powerpc armhf],\n"..., this=0x7fffd670) > at /usr/include/c++/13/bits/basic_string.h:765 > #12 debListParser::ParseDepends (Start=, > Start@entry=0x555baabb "valgrind [i386 arm64 ppc64el ppc64 amd64 > powerpc armhf],\n"..., > Stop=Stop@entry=0x555bab15 "\nBuild-Conflicts: libamdhip64-dev\n"..., > Package=..., Ver=..., Op=@0x7fffd930: 0, ParseArchFlags=, > StripMultiArch=, ParseRestrictionsList=, > Arch=...) at ./apt-pkg/deb/deblistparser.cc:667 > > Note the double space in ..."ppc64 amd64"... > It tries to create a std::string with __end < __beg resulting in a > negative (or insane) length. Don't do that then. I mean it is failing safely, this is highly unusual so it's not a critical bug in any sort of shape for apt (but sure for packages actually doing that in the archive since they don't build correctly or whatever). -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
Bug#1071219: apt: debListParser fails to parse arch lists with extraneous whitespace: terminate called after throwing an instance of 'std::length_error'
Package: apt Version: 2.9.2 Severity: serious one package to reproduce this bug is mpich 4.2.0-5.1 mpich-4.2.0# apt-get build-dep -y . Note, using directory '.' to get the build dependencies terminate called after throwing an instance of 'std::length_error' what(): basic_string::_M_create Aborted (core dumped) Running this through gdb and extracting the interesting part of the backtrace: #11 0x77e28c6c in std::__cxx11::basic_string, std::allocator >::basic_string (__a=..., __end=0x555baade " amd64 powerpc armhf],\n"..., __beg=0x555baadf "amd64 powerpc armhf],\n"..., this=0x7fffd670) at /usr/include/c++/13/bits/basic_string.h:765 #12 debListParser::ParseDepends (Start=, Start@entry=0x555baabb "valgrind [i386 arm64 ppc64el ppc64 amd64 powerpc armhf],\n"..., Stop=Stop@entry=0x555bab15 "\nBuild-Conflicts: libamdhip64-dev\n"..., Package=..., Ver=..., Op=@0x7fffd930: 0, ParseArchFlags=, StripMultiArch=, ParseRestrictionsList=, Arch=...) at ./apt-pkg/deb/deblistparser.cc:667 Note the double space in ..."ppc64 amd64"... It tries to create a std::string with __end < __beg resulting in a negative (or insane) length. The nasty thing is that the error only happens if there has been no match, yet. I.e on amd64 ..."amd64 ppc64el"... would *not* have caused the error. I'm not sure how to build a test string that reliably works on all architectures... Anyway, apt should be able to parse the following string correctly: "Build-Depends: foobar [ i386 armhf armel amd64 ] , blah [ !arm64 !x32 !amd64 ] , baz" not sure if it is allowed to inject spaces between '!' and arch as in ..." ppc64 ! mips64el ! s390x "... (I noticed this due to the salsa-ci failure while building mpich) e.g. https://salsa.debian.org/science-team/mpich/-/jobs/5731958 Andreas PS: This will probably be "fixed" in mpich 4.2.0-6
