Report forwarded
to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>: Bug#808912; Package dpkg.
(Thu, 24 Dec 2015 11:09:10 GMT).
Acknowledgement sent
to Yuri Gribov <tetra2005@gmail.com>:
New Bug report received and forwarded. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>.
(Thu, 24 Dec 2015 11:09:10 GMT).
Package: dpkg
Version: 1.17.5ubuntu5.5
Severity: normal
Tags: upstream patch
Dear Maintainer,
Comparison function pkg_sorter_by_listfile_phys_offs passed to qsort
does not satisfy qsort symmetry requirements: for some inputs
  pkg_sorter_by_listfile_phys_offs(a, b) != -pkg_sorter_by_listfile_phys_offs(b, a)
This may cause various qsort misbehaviors, e.g. failing to properly
sort the input array (on some platforms qsort could even abort, although
that seems to not be the case for Linux and glibc).
Here's some relevant info from gdb:
(gdb) set $a = (const struct pkginfo **)((char *)data + i * sz)
(gdb) set $b = (const struct pkginfo **)((char *)data + j * sz)
(gdb) p $a.set.name
$9 = 0x9a5390 "libndr0"
(gdb) p $b.set.name
$10 = 0xa39120 "gir1.0-gdata-0.0"
(gdb) p $a.clientdata.listfile_phys_offs
$11 = 0
(gdb) p $b.clientdata.listfile_phys_offs
$12 = 0
(gdb) p pkg_sorter_by_listfile_phys_offs($a, $b)
$7 = 1
(gdb) p pkg_sorter_by_listfile_phys_offs($b, $a)
$8 = 1
The fix seems to be pretty trivial - explicitly handle the case of equal
listfile_phys_offs.
I've found this bug in Ubuntu 12.04 but it seems to be still present in
current dpkg git.
The bug was found via SortChecker tool (https://github.com/yugr/sortcheck).
-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500,
'trusty-proposed'), (500, 'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-73-generic (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dpkg depends on:
ii libbz2-1.0 1.0.6-5
ii libc6 2.19-0ubuntu6.6
ii liblzma5 5.1.1alpha+20120614-2ubuntu2
ii libselinux1 2.2.2-1ubuntu0.1
ii tar 1.27.1-1
ii zlib1g 1:1.2.8.dfsg-1ubuntu1
dpkg recommends no packages.
Versions of packages dpkg suggests:
ii apt 1.0.1ubuntu2.10
Best regards,
Yury Gribov
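The symmetry violation described in the report above, as an added example that is not part of the original message and is not dpkg's code. The struct, the "before" comparator shape (inferred from the gdb output, where equal offsets return 1 in both orders), the checker and the sample data are assumptions for illustration.

```c
#include <stdio.h>

/* Simplified stand-in for a package record (hypothetical, not dpkg's struct). */
struct pkg { const char *name; long phys_offs; };

/* Assumed "before" shape, consistent with the gdb output in the report:
 * equal offsets return 1 in both argument orders. */
static int cmp_two_way(const void *a, const void *b)
{
    const struct pkg *pa = *(const struct pkg *const *)a;
    const struct pkg *pb = *(const struct pkg *const *)b;
    return pa->phys_offs < pb->phys_offs ? -1 : 1;
}

/* Three-way form: equal offsets return 0; no subtraction, so no int overflow. */
static int cmp_three_way(const void *a, const void *b)
{
    const struct pkg *pa = *(const struct pkg *const *)a;
    const struct pkg *pb = *(const struct pkg *const *)b;
    return (pa->phys_offs > pb->phys_offs) - (pa->phys_offs < pb->phys_offs);
}

static int sign(int v) { return (v > 0) - (v < 0); }
/* Count pairs i <= j violating sign(cmp(x, y)) == -sign(cmp(y, x));
 * i == j also checks that cmp(x, x) is 0. */
static size_t count_asymmetric(const struct pkg **v, size_t n,
                               int (*cmp)(const void *, const void *))
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i; j < n; j++)
            if (sign(cmp(&v[i], &v[j])) != -sign(cmp(&v[j], &v[i])))
                bad++;
    return bad;
}

/* Constructed sample: two names from the report at offset 0, one invented entry. */
static struct pkg sample[] = {
    { "libndr0", 0 }, { "gir1.0-gdata-0.0", 0 }, { "example-pkg", 4096 },
};
static const struct pkg *sample_ptrs[] = { &sample[0], &sample[1], &sample[2] };

int main(void)
{
    printf("two-way violations: %zu, three-way violations: %zu\n",
           count_asymmetric(sample_ptrs, 3, cmp_two_way),
           count_asymmetric(sample_ptrs, 3, cmp_three_way));
    return 0;
}
```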
Subject: Bug#808912 in package dpkg marked as pending
Date: Fri, 25 Dec 2015 03:55:54 +0000
Control: tag 808912 pending
Hi!
Bug #808912 in package dpkg reported by you has been fixed in
the dpkg/dpkg.git Git repository. You can see the changelog below, and
you can check the diff of the fix at:
https://anonscm.debian.org/diff/dpkg/dpkg.git/?id=873b44e
---
commit 873b44e35962bf3be07c8950d768610d0a5710a5
Author: Yuri Gribov <tetra2005@gmail.com>
Date: Thu Dec 24 12:22:26 2015 +0100
dpkg: Fix physical file offset comparison
The comparison function pkg_sorter_by_listfile_phys_offs passed to qsort
does not satisfy qsort symmetry requirements, for some inputs
  pkg_sorter_by_listfile_phys_offs(a, b) != -pkg_sorter_by_listfile_phys_offs(b, a)
This may cause various qsort misbehaviors e.g. failing to properly sort
the input array (on some platforms qsort could even abort although that
seems to not be the case for glibc-based systems).
Closes: #808912
Signed-off-by: Guillem Jover <guillem@debian.org>
Stable-Candidate: 1.16.x 1.17.x
diff --git a/debian/changelog b/debian/changelog
index 70bde36..f2c4dbe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,6 +26,8 @@ dpkg (1.18.4) UNRELEASED; urgency=medium
Thanks to Hanno Böck <hanno@hboeck.de>.
* Add experimental multithreaded xz compression support in libdpkg, which
requires xz >= 5.2.0.
+ * Fix physical file offset comparison in dpkg. Closes: #808912
+ Thanks to Yuri Gribov <tetra2005@gmail.com>.
* Test suite:
- Improve perl code test coverage.
* Build system:
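Review bot: The added changelog entry "Fix physical file offset comparison in dpkg" does not say what was wrong with the comparison, so a reader deciding whether to backport (the commit is marked Stable-Candidate) cannot tell the impact from it. Consider wording that names the defect, for example "Fix asymmetric qsort comparison of equal physical file offsets in dpkg". The diff shown here touches only debian/changelog, so the comparator change itself cannot be checked from these lines.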
Added tag(s) pending.
Request was from Guillem Jover <guillem@debian.org>
to 808912-submitter@bugs.debian.org.
(Fri, 25 Dec 2015 03:57:18 GMT).
Reply sent
to Guillem Jover <guillem@debian.org>:
You have taken responsibility.
(Fri, 25 Dec 2015 13:36:57 GMT).
Notification sent
to Yuri Gribov <tetra2005@gmail.com>:
Bug acknowledged by developer.
(Fri, 25 Dec 2015 13:36:57 GMT).
Source: dpkg
Source-Version: 1.18.4
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 808912@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 25 Dec 2015 13:20:26 +0100
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.18.4
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
libdpkg-dev - Debian package management static library
libdpkg-perl - Dpkg perl modules
Closes: 760248 799046 799432 799875 800513 800649 801156 801329 801958 805872 806315 807156 808912
Changes:
dpkg (1.18.4) unstable; urgency=medium
.
[ Guillem Jover ]
* Switch dpkg-scansources and dpkg-scanpackages to use File::Find instead
of find(1), as the former is more portable with more consistent behavior,
and always canonicalizes the pathnames. Closes: #800649
* Initialize Config-Version also for packages previously in triggers-pending
state, otherwise we end up not passing the previously configured version
to «postinst configure», which might consider this a first install instead
of an upgrade. Closes: #801156
* Fix memory leaks in «dpkg --verify» and dpkg infodb format upgrade logic.
* Merge all update-alternatives action handling into a single if-else-if
block, to unify the code and allow a future switch into a shared library.
* Perform any necessary cleanups on normal exit from dpkg-divert --add and
--remove commands.
* Make dpkg-architecture warning on non-matching GNU system type compiler
agnostic.
* Add ‘.gitreview’ to the default dpkg-source ignore lists.
* Add support for DPKG_MAINTSCRIPT_DEBUG environment variable to dpkg.
* Fix dpkg-checkbuilddeps exit code to be 1 instead of a random error value
on unsatisfied dependencies. Regression introduced in dpkg 1.18.3.
* Fix an off-by-one write access in dpkg-deb when parsing the old format
.deb control member size. Thanks to Hanno Böck <hanno@hboeck.de>.
Fixes CVE-2015-0860.
* Fix an off-by-one read access in dpkg-deb when parsing ar member names.
Thanks to Hanno Böck <hanno@hboeck.de>.
* Add experimental multithreaded xz compression support in libdpkg, which
requires xz >= 5.2.0.
* Fix physical file offset comparison in dpkg. Closes: #808912
Thanks to Yuri Gribov <tetra2005@gmail.com>.
* Fix usage of dpkg-architecture -s after other action options.
Reported by Niels Thykier <niels@thykier.net>.
* Add NIOS2 support to cputable. Thanks to Marek Vasut <marex@denx.de>.
* On Debian and derivatives enable timeless build flag feature by default.
Thanks to Paul Wise <pabs@debian.org>. Closes: #805872
* Perl modules:
- Add support for Build-Essential field. Closes: #806315
* Test suite:
- Improve perl code test coverage.
* Build system:
- Set PERL5LIB globally for the test suite to the local modules directory,
to avoid using the system modules. Regression introduced in dpkg 1.17.8.
Reported by Jérémy Bobbio <lunar@debian.org>. Closes: #801329
- Use absolute builddir pathnames in PATH variable for the test suite.
- Descend into scripts directory when cleaning up code coverage files.
- Add new configure option --disable-devel-docs to select the kind of docs
to generate, default for now is development documentation.
- Try to use AM_GNU_GETTEXT_REQUIRE_VERSION to benefit from the latest
installed gettext version, while guaranteeing a minimal required version.
* Packaging:
- Add missing Build-Depends for restriction formula support.
* Documentation:
- Move description for “target architecture” from the dpkg-architecture(1)
‘-A’ option to the TERMS section. Closes: #799046
- Clarify that the md5sum check on «dpkg --verify» is performed on the
file contents, and failures denote changed content. Closes: #760248
- Document that dpkg-buildpackage -nc -S implies -d.
- Clarify role of Build-Depends in deb-src-control(5).
Prompted by Johannes Schauer <j.schauer@email.de>.
- Document supported feature areas.
- Clarify in dpkg-query(1) when binary:Package gets arch-qualified.
Closes: #801958
- Add a subsection separating external from internal environment variables
in dpkg(1).
.
[ Updated programs translations ]
* Dutch (Frans Spiesschaert). Closes: #800513
* Japanese (Kenshi Muto). Closes: #799432
* Turkish (Mert Dirik). Closes: #799875
.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
.
[ Updated manpages translations ]
* German (Helge Kreutzmann, Julian R). Closes: #807156
Checksums-Sha1:
4f1df693463e7279d4d0362dbb00b6116353a933 2053 dpkg_1.18.4.dsc
87707de6726d27f2c60fbd95bfaf90f888e2afe8 4377024 dpkg_1.18.4.tar.xz
Checksums-Sha256:
bcf295adfb7d467220586789f3e7b2de78ded2ea035c9c0ba4e97283d39eeb6f 2053 dpkg_1.18.4.dsc
fe89243868888ce715bf45861f26264f767d4e4dbd0d6f1a26ce60bbbbf106da 4377024 dpkg_1.18.4.tar.xz
Files:
32a406117e41c649a0df42289d2a8860 2053 admin required dpkg_1.18.4.dsc
e95b513c89693f6ec3ab53b6b1c3defd 4377024 admin required dpkg_1.18.4.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 23 Jan 2016 07:27:24 GMT).