Package: dpkg Version: 1.17.5ubuntu5.5 Severity: normal Tags: upstream patch
Dear Maintainer, Comparison function pkg_sorter_by_listfile_phys_offs passed to qsort does not satisfy qsort symmetry requirements: for some inputs pkg_sorter_by_listfile_phys_offs(a, b) != - pkg_sorter_by_listfile_phys_offs(b, a) This may cause various qsort misbehaviors e.g. failing to properly sort input array (on some platforms qsort could even abort although that seems to not be the case for Linux and glibc). Here's some relevant info from gdb: (gdb) set $a = (const struct pkginfo **)((char *)data + i * sz) (gdb) set $b = (const struct pkginfo **)((char *)data + j * sz) (gdb) p $a.set.name $9 = 0x9a5390 "libndr0" (gdb) p $b.set.name $10 = 0xa39120 "gir1.0-gdata-0.0" (gdb) p $a.clientdata.listfile_phys_offs $11 = 0 (gdb) p $b.clientdata.listfile_phys_offs $12 = 0 (gdb) p pkg_sorter_by_listfile_phys_offs($a, $b) $7 = 1 (gdb) p pkg_sorter_by_listfile_phys_offs($b, $a) $8 = 1 The fix seems to be pretty trivial - explicitly handle the case of equal listfile_phys_offs. I've found this bug in Ubuntu 12.04 but it seems to be still present in current dpkg git. The bug was found via SortChecker tool (https://github.com/yugr/sortcheck). -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty-proposed'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-73-generic (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dpkg depends on: ii libbz2-1.0 1.0.6-5 ii libc6 2.19-0ubuntu6.6 ii liblzma5 5.1.1alpha+20120614-2ubuntu2 ii libselinux1 2.2.2-1ubuntu0.1 ii tar 1.27.1-1 ii zlib1g 1:1.2.8.dfsg-1ubuntu1 dpkg recommends no packages. Versions of packages dpkg suggests: ii apt 1.0.1ubuntu2.10 Best regards, Yury Gribov
dpkg-qsort-1.patch
Description: Binary data
