Bug#657732: apt: resolver scores can overflow signed short

[Colin Watson <cjwatson@ubuntu.com>]

Package: apt
Version: 0.8.16~exp9
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch precise

In sufficiently large upgrades, it's possible for the resolver scores of
very important packages such as libc6 to overflow a signed short.  This
is visible here, with libc6 ending up with a score of -17473 when as far
as I can see the resolver can never give anything a score lower than -2
(short of changes to certain configuration items which aren't present):

  https://bugs.launchpad.net/ubuntu/+source/apt/+bug/917173

I haven't yet been able to verify that the following patch fixes all the
problems in this upgrade, but it very much looks as though it should at
least improve the situation.

=== modified file 'apt-pkg/algorithms.cc'
--- apt-pkg/algorithms.cc	2011-11-10 15:56:21 +0000
+++ apt-pkg/algorithms.cc	2012-01-28 12:17:08 +0000
@@ -475,7 +475,7 @@ pkgProblemResolver::pkgProblemResolver(p
 {
    // Allocate memory
    unsigned long Size = Cache.Head().PackageCount;
-   Scores = new signed short[Size];
+   Scores = new int[Size];
    Flags = new unsigned char[Size];
    memset(Flags,0,sizeof(*Flags)*Size);
    
@@ -515,20 +515,20 @@ void pkgProblemResolver::MakeScores()
    memset(Scores,0,sizeof(*Scores)*Size);
 
    // Important Required Standard Optional Extra
-   signed short PrioMap[] = {
+   int PrioMap[] = {
       0,
-      (signed short) _config->FindI("pkgProblemResolver::Scores::Important",3),
-      (signed short) _config->FindI("pkgProblemResolver::Scores::Required",2),
-      (signed short) _config->FindI("pkgProblemResolver::Scores::Standard",1),
-      (signed short) _config->FindI("pkgProblemResolver::Scores::Optional",-1),
-      (signed short) _config->FindI("pkgProblemResolver::Scores::Extra",-2)
+      _config->FindI("pkgProblemResolver::Scores::Important",3),
+      _config->FindI("pkgProblemResolver::Scores::Required",2),
+      _config->FindI("pkgProblemResolver::Scores::Standard",1),
+      _config->FindI("pkgProblemResolver::Scores::Optional",-1),
+      _config->FindI("pkgProblemResolver::Scores::Extra",-2)
    };
-   signed short PrioEssentials = _config->FindI("pkgProblemResolver::Scores::Essentials",100);
-   signed short PrioInstalledAndNotObsolete = _config->FindI("pkgProblemResolver::Scores::NotObsolete",1);
-   signed short PrioDepends = _config->FindI("pkgProblemResolver::Scores::Depends",1);
-   signed short PrioRecommends = _config->FindI("pkgProblemResolver::Scores::Recommends",1);
-   signed short AddProtected = _config->FindI("pkgProblemResolver::Scores::AddProtected",10000);
-   signed short AddEssential = _config->FindI("pkgProblemResolver::Scores::AddEssential",5000);
+   int PrioEssentials = _config->FindI("pkgProblemResolver::Scores::Essentials",100);
+   int PrioInstalledAndNotObsolete = _config->FindI("pkgProblemResolver::Scores::NotObsolete",1);
+   int PrioDepends = _config->FindI("pkgProblemResolver::Scores::Depends",1);
+   int PrioRecommends = _config->FindI("pkgProblemResolver::Scores::Recommends",1);
+   int AddProtected = _config->FindI("pkgProblemResolver::Scores::AddProtected",10000);
+   int AddEssential = _config->FindI("pkgProblemResolver::Scores::AddEssential",5000);
 
    if (_config->FindB("Debug::pkgProblemResolver::ShowScores",false) == true)
       clog << "Settings used to calculate pkgProblemResolver::Scores::" << endl
@@ -550,7 +550,7 @@ void pkgProblemResolver::MakeScores()
       if (Cache[I].InstallVer == 0)
 	 continue;
       
-      signed short &Score = Scores[I->ID];
+      int &Score = Scores[I->ID];
       
       /* This is arbitrary, it should be high enough to elevate an
          essantial package above most other packages but low enough
@@ -588,7 +588,7 @@ void pkgProblemResolver::MakeScores()
    }   
    
    // Copy the scores to advoid additive looping
-   SPtrArray<signed short> OldScores = new signed short[Size];
+   SPtrArray<int> OldScores = new int[Size];
    memcpy(OldScores,Scores,sizeof(*Scores)*Size);
       
    /* Now we cause 1 level of dependency inheritance, that is we add the 

=== modified file 'apt-pkg/algorithms.h'
--- apt-pkg/algorithms.h	2011-12-13 00:22:38 +0000
+++ apt-pkg/algorithms.h	2012-01-28 12:30:55 +0000
@@ -96,7 +96,7 @@ class pkgProblemResolver						/*{{{*/
    enum Flags {Protected = (1 << 0), PreInstalled = (1 << 1),
                Upgradable = (1 << 2), ReInstateTried = (1 << 3),
                ToRemove = (1 << 4)};
-   signed short *Scores;
+   int *Scores;
    unsigned char *Flags;
    bool Debug;
    

Thanks,

-- 
Colin Watson                                       [cjwatson@ubuntu.com]