apt/trusty: Stack overflow in apt-ftparchive; on arm64, breaking about a third of the tests

Bug #1817048 reported by Julian Andres Klode on 2019-02-21
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Unassigned

Bug Description

[Impact]
autopkgtest suite on arm64 is basically useless, as about a third of the tests do not work, because they rely on apt-ftparchive generating an archive

[Test case]
Substantially less tests should fail, there should be no segfaults.

[Regression potential]
I am cherry-picking a fix that changes statically length arrays (that are too small) to vector. A possible regression could be fields missing I guess, it should definitely be easily noticeable. Low risk.

Changed in apt (Ubuntu Trusty):
status: New → Triaged
Changed in apt (Ubuntu):
status: New → Fix Released
Changed in apt (Ubuntu Trusty):
status: Triaged → In Progress

Hello Julian, or anyone else affected,

Accepted apt into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.21 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in apt (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-trusty
Julian Andres Klode (juliank) wrote :

Verified - The complete test suite now passes on arm64 with apt/1.0.1ubuntu2.21.

tags: added: verification-done verification-done-trusty
removed: verification-needed verification-needed-trusty
Łukasz Zemczak (sil2100) wrote :

Hello Julian, or anyone else affected,

Accepted apt into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.22 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-trusty
removed: verification-done verification-done-trusty
Julian Andres Klode (juliank) wrote :

All tests passed with 1.0.1ubuntu2.22 as well.

tags: added: verification-done verification-done-trusty
removed: verification-needed verification-needed-trusty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.0.1ubuntu2.22

---------------
apt (1.0.1ubuntu2.22) trusty; urgency=medium

  * apt.dirs: Install auth.conf.d directory (LP: #1818996)
  * Merge translations from 1.2.31

apt (1.0.1ubuntu2.21) trusty; urgency=medium

  [ Julian Andres Klode ]
  * travis CI: Use docker container to get useful results
  * fix and non-silent fail dpkg-overwrite error test (LP: #1817088)
  * Introduce experimental 'never' pinning for sources (LP: #1814727)
  * Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120)
  * Add a Packages-Require-Authorization Release file field (LP: #1814727)
  * NeverAutoRemove kernel meta packages (LP: #1787460)
  * Introduce APT::Install::Pre-Invoke / Post-Invoke-Success (LP: #1815761)

  [ David Kalnischkies ]
  * ftparchive/writer.cc: use a std::vector instead of hardcoded array
    (LP: #1817048)

 -- Julian Andres Klode <email address hidden> Tue, 12 Mar 2019 15:15:54 +0100

Changed in apt (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for apt has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers