Bug#158092: apt-get mishandles /var/lib/dpkg/status with bufffer aligned EOF

To: <submit@bugs.debian.org>
Subject: Bug#158092: apt-get mishandles /var/lib/dpkg/status with bufffer aligned EOF
From: Eirik Fuller <eirik@hackrat.com>
Date: Sun, 25 Aug 2002 01:29:26 -0700 (PDT)
Message-id: <[🔎] 20020825082926.9AE48690051@ns.hackrat.org>
Reply-to: Eirik Fuller <eirik@hackrat.com>, 158092@bugs.debian.org

Package: apt
Version: 0.5.4

Sorry about the cryptic subject line; I don't know how to describe
this problem both clearly and concisely.  Here's the description which
doesn't fit in the subject line:

In pkgTagFile::Step an error is reported if Tag.Scan returns false
immediately after Fill returns true.  This is not supposed to occur
because Fill is supposed to return false unless it reads enough
additional data.

If the last chunk of /var/lib/dpkg/status exactly fits in the buffer
used by pkgTagFile::Fill, the code in pkgTagFile::Fill which sets Done
to true is skipped, and pkgTagFile::Fill correctly returns true.  The
next time Tag.Scan returns false (because it has processed all of the
packages in /var/lib/dpkg/status), pkgTagFile::Step calls Fill again.

Next pkgTagFile::Fill sets both Start and End to Buffer (EndSize is
zero because the last package description lines up exactly), skips the
code for (Done == true), reads zero bytes from the status file, adds
that to End (so Start and End are still the same), sets Done to true,
and returns true.  Then pkgTagFile::Step passes an empty package list
(a zero length string) to Tag.Scan, which returns false.

http://hackrat.com/status is a copy of the /var/lib/dpkg/status file
which triggered this problem on one of my systems.  I've confirmed
that copying it to /var/lib/dpkg/status on another system with apt
0.5.4 triggers the same problem (I recommend renaming the real one and
putting it back after testing is complete).  The error message I get
from apt-get is:

	Reading Package Lists... Error!
	E: Unable to parse package file /var/lib/dpkg/status (1)
	E: The package lists or status file could not be parsed or opened.

I found a workaround for this problem; if I remove the last newline
from /var/lib/dpkg/status apt-get no longer complains.

This patch seems to fix the problem:


--- apt-0.5.4/apt-pkg/tagfile.cc-	2001-05-13 22:56:26.000000000 -0700
+++ apt-0.5.4/apt-pkg/tagfile.cc	2002-08-25 00:35:20.000000000 -0700
@@ -133,7 +133,10 @@ bool pkgTagFile::Fill()
       End = Buffer + Size;
    }*/
    
-   return true;
+   while (Start < End && *Start == '\n')
+     Start++;
+
+   return End > Start;
 }
 									/*}}}*/
 // TagFile::Jump - Jump to a pre-recorded location in the file		/*{{{*/


If I omit the code which trims leading newlines from the beginning of
the buffer, I still get errors if I append additional newlines to the
end of the /var/lib/dpkg/status file which triggers the problem (but
apt-get does seem to handle arbitrarily many trailing newlines if the
end of the last package description is not aligned with the buffer).
I don't think there's any harm in trimming leading newlines from the
beginning of the buffer, but someone might want to double check that.

Reply to:

Prev by Date: Endlich habe ich Dich gefunden !!!
Next by Date: Bug#158117: apt: missing Label field in Release file causes apt-cache policy to output garbage
Previous by thread: Endlich habe ich Dich gefunden !!!
Next by thread: Bug#158117: apt: missing Label field in Release file causes apt-cache policy to output garbage
Index(es):
- Date
- Thread