Bug#995118: python3-apt: TagSection: segfault in keys() on non-Unicode data
Package: python3-apt
Version: 2.2.1
Severity: normal
Tags: upstream
I was looking at a check in dak where we check that field names and
values are valid UTF-8. dak used to try to decode the field names and
values from a `TagSection` for this, but in Python 3 everything is
already a Unicode `str`, so this check doesn't really work any longer.

I checked what `TagSection` does when fed non-UTF-8 data:

Non-UTF-8 values seem to work:
+---
| import apt_pkg
| t = apt_pkg.TagSection(b"Field: V\xe4lue\n")
| t["Field"]
| -> UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe4 in position 1: invalid continuation byte
+---
So we can just try to access all field values in dak and reject the
upload if a `UnicodeDecodeError` was raised for any of them.

However, non-UTF-8 field names result in a segmentation fault:
+---
| import apt_pkg
| t = apt_pkg.TagSection(b"F\xefeld: Value\n")
| t.keys()
| -> segmentation fault
+---
Ansgar
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable'), (300, 'buildd-unstable'), (300, 'unstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages python3-apt depends on:
ii distro-info-data 0.51
ii libapt-pkg6.0 2.3.9
ii libc6 2.32-4
ii libgcc-s1 11.2.0-7
ii libstdc++6 11.2.0-7
ii python-apt-common 2.2.1
ii python3 3.9.2-3
Versions of packages python3-apt recommends:
ii iso-codes 4.7.0-1
ii lsb-release 11.1.0
Versions of packages python3-apt suggests:
ii apt 2.3.9
ii python-apt-doc 2.2.1
pn python3-apt-dbg <none>
-- no debconf information
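
A pre-check on the raw bytes, as an added example that is not part of the original report and is not dak or python-apt code: it reports field names and values that are not valid UTF-8 before the data is handed to `TagSection`, so `keys()` is never called on such input. The function names and the simplified single-paragraph parsing are assumptions; the first two sample inputs are the byte strings from the report, the third is constructed.

```python
def _is_utf8(raw: bytes) -> bool:
    """True if raw decodes as strict UTF-8."""
    try:
        raw.decode("utf-8", errors="strict")
        return True
    except UnicodeDecodeError:
        return False


def find_non_utf8_fields(paragraph: bytes):
    """Scan one raw control paragraph (hypothetical helper, simplified parsing).

    Returns a list of (line_number, kind, raw_bytes) where kind is
    "name", "value" or "syntax". For "name" and "value" the raw bytes are
    the field name; for "syntax" they are the offending line.
    An empty list means every name and value decoded cleanly.
    """
    problems = []
    name = None  # raw bytes of the field currently being read
    for lineno, line in enumerate(paragraph.split(b"\n"), start=1):
        if not line.strip() or line.startswith(b"#"):
            continue  # blank line or comment
        if line[:1] in (b" ", b"\t"):
            # Continuation line: belongs to the value of the previous field.
            if name is None:
                problems.append((lineno, "syntax", line))
                continue
            data = line
        else:
            name, sep, data = line.partition(b":")
            if not sep:
                problems.append((lineno, "syntax", line))
                name = None
                continue
            if not _is_utf8(name):
                problems.append((lineno, "name", name))
        if not _is_utf8(data):
            problems.append((lineno, "value", name))
    return problems


if __name__ == "__main__":
    samples = [
        b"Field: V\xe4lue\n",           # from the report: bad value
        b"F\xefeld: Value\n",           # from the report: bad field name
        b"Package: hello\nDescription: gr\xc3\xbc\xc3\x9fe\n more text\n",  # constructed, valid
    ]
    for raw in samples:
        print(raw, "->", find_non_utf8_fields(raw) or "ok")
```

Only when the returned list is empty would the bytes be passed on to `apt_pkg.TagSection`; anything else can be rejected with the line number and field in the error message.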