gnome-software displays wildly inaccurate estimate of package size when a certain deb file is double-clicked in nautilus

Bug #1713586 reported by Neil McPhail on 2017-08-28
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnome-software (Ubuntu)
Medium
Unassigned
Xenial
Medium
Robert Ancell

Bug Description

[Impact]
For .debs with a large Installed-Size GNOME Software shows the incorrect value. This is due to an integer overflow.

[Test Case]
1. Launch the attached test-deb_1_all.deb file in GNOME Software
2. Check the Size field.

Expected result:
Size is set to 3.9GB

Observed result:
Size is set to 18.4EB

[Regression Potential]
Took upstream commit that fixed this by using a 64 bit number to calculate size. Unlikely to cause further issues.

Changed in gnome-software (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Robert Ancell (robert-ancell) wrote :

It was an overflow (using an int to try and fit the value). This was fixed upstream in 3.22.

Changed in gnome-software (Ubuntu Xenial):
status: New → Fix Committed
importance: Undecided → Medium
Changed in gnome-software (Ubuntu):
status: Confirmed → Fix Released
Changed in gnome-software (Ubuntu Xenial):
assignee: nobody → Robert Ancell (robert-ancell)
description: updated

Hello Neil, or anyone else affected,

Accepted gnome-software into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnome-software/3.20.5-0ubuntu0.16.04.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed verification-needed-xenial
Neil McPhail (njmcphail) wrote :

I installed gnome-software-common_3.20.5-0ubuntu0.16.04.7_all.deb, gnome-software_3.20.5-0ubuntu0.16.04.7_amd64.deb and ubuntu-software_3.20.5-0ubuntu0.16.04.7_amd64.deb. I cannot locate the original deb which cause the problem but I tried robert-ancell's test package before and after the new packages. I can confirm the bug is fixed for me.

Thanks!

tags: added: verification-done-xenial
removed: verification-needed-xenial
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-software - 3.20.5-0ubuntu0.16.04.7

---------------
gnome-software (3.20.5-0ubuntu0.16.04.7) xenial; urgency=medium

  * debian/patches/0016-Add-a-dpkg-plugin.patch:
  * debian/patches/0017-Add-an-APT-plugin.patch:
    - Fix overflow showing installed size (LP: #1713586)
  * debian/patches/0047-Use-the-developer-name-if-set-in-preference-to-the-p.patch:
    - Backport support for showing developer name
  * debian/patches/0018-Add-a-Snap-plugin.patch:
    - Show snap developer (LP: #1715054)
    - Set correct store name (LP: #1706500)
    - Show license field
    - Send Polkit interactive header (LP: #1736232)
    - Fix crash due to multiple threads accessing a cache (LP: #1716633)
  * debian/patches/0001-ubuntu-reviews-Fix-Wilson-score-calculation.patch:
    - Fix average rating calculation (LP: #1721419)

 -- Robert Ancell <email address hidden> Wed, 06 Dec 2017 10:36:16 +1300

Changed in gnome-software (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for gnome-software has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers