Hi David,
you were quicker. Thanks! :-)
David Kalnischkies wrote:
> On Sat, Feb 13, 2021 at 06:11:03PM +0100, Lucas Nussbaum wrote:
> > Relevant part (hopefully):
> […]
> > > FAIL: cppunit_test
> […]
> | aptitude_resolver.cc:680 ERROR - Invalid hint "-143 aptitude <4.3.0": the
> action "-143" should be "approve", "reject", or a number.
Yep, also found this to be the failing test and suspected apt
2.1.19/2.1.20 as the culprit. Especially "Forbid negative values in
unsigned StrToNum explicitly" of 2.1.19 looked suspiciously related.
;-)
> The test uses aptitude_resolver::hint::parse in
> src/generic/apt/aptitude_resolver.cc
> which in line 676 uses StrToNum to parse the hint which fails with
> apt >= 2.1.19 as StrToNum is refusing to parse negative numbers now.
>
> The data type of StrToNum is unsigned and using strtoull internally
> which works on an unsigned long long (ull), too, but defines that
> for negative numbers "the negation of the result of the conversion" is
> returned… which tends to be unexpected (Negative numbers played a minor
> role in e.g. CVE-2020-27350 for example).
[…]
> So I guess what is intended here is more like:
> | char * endptr;
> | errno = 0;
> | auto score_tweaks = strtol(action.c_str(), &endptr, 10);
> | if (errno != 0 || *endptr != '\0')
Will test, thanks!
> Note that I have not checked my hypotheses. (The code samples are also
> typed in my mail client, so I have probably included some typos letting
> them not even compile.)
I'm glad about your reply definitely.
> Sorry for this breaking change this late in the cycle!
Apology accepted. :-)
> If its any consolation I am also angry that I not only not managed
> to finish the fuzzing project in time, but also not managed to
> salvage the more useful bit in a more timely fashion either.
Actually, when I read that changelog summary, I just thought "Wow!" So
please please keep on that work! Better late than never! :-)
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
