off-by-one error when translating source records build depends
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
python-apt (Ubuntu) | Fix Released | High | Unassigned |
Xenial | Triaged | Undecided | Unassigned |
Bug Description
[Impact]
Out-of-bounds read in an array, causing segmentation fault
[Testcase]
On amd64:
python3-dbg -c 'import apt, apt_pkg; sr=apt_
crashes.
[Regression potential]
This is a simple off-by-one fix. There really should be no regressions, but if there were, only for people using SourceRecords.
diff --git a/python/
index 9ca21c5a..77b490cb 100644
--- a/python/
+++ b/python/
@@ -220,7 +220,7 @@ static PyObject *PkgSrcRecordsG
- if (pkgCache::Dep::Or != (bd[i].Op & pkgCache::Dep::Or) || i == bd.size())
+ if (pkgCache::Dep::Or != (bd[i].Op & pkgCache::Dep::Or) || i + 1 >= bd.size())
i++;
}
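Review bot: In the changed condition, the bounds test `i + 1 >= bd.size()` is still the right-hand operand of `||`, so `bd[i].Op` is read before any index check. That is safe only if the enclosing loop guarantees `i < bd.size()` on entry, which this hunk does not show. Consider putting the bounds test first, as in `if (i + 1 >= bd.size() || pkgCache::Dep::Or != (bd[i].Op & pkgCache::Dep::Or))`, so the guard reads in the order in which it protects the following `i++`. A short comment would also help, saying that the check covers a last entry with the Or bit set, which the old `i == bd.size()` test let through to `i++`. A regression test built from the [Testcase] input would keep the crash from coming back.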
The underlying problem is caused by bug 1694697 actually, but this is still a bug on its own.