On Sat, Feb 22, 2025 at 08:08:52PM -0500, David Mandelberg wrote:
> Op 2025-02-22 om 19:20 schreef David Kalnischkies:
> > Sadly, I can't reproduce this hereā¦
>
> And I think I figured out why. If I change the Version line and the version
> in the Filename line, it only happens if the version is the same as the
> version that I currently have installed, not if it's less or greater. I'm
> going to assume you don't have dseomn-standard installed :)
>
> > Does it happen for you with (simulation mode, so no need for sudo):
> > apt-get --with-source ./Packages upgrade -s dseomn-standard
>
> Yes, and also with apt-cache (ignore locale-en_US, it just does what it says
> on the tin to make error messages in English):
>
> $ locale-en_US apt-get --with-source /tmp/tmp.VtKyaCzPyr/Packages upgrade -s
> NOTE: This is only a simulation!
> apt-get needs root privileges for real execution.
> Keep also in mind that locking is deactivated,
> so don't depend on the relevance to the real current situation!
> /usr/include/c++/14/bits/stl_vector.h:1130: std::vector<_Tp,
> _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](size_type) [with _Tp
> = pkgCacheGenerator::VersionExtra; _Alloc =
> std::allocator<pkgCacheGenerator::VersionExtra>; reference =
> pkgCacheGenerator::VersionExtra&; size_type = long unsigned int]: Assertion
> '__n < this->size()' failed.
> Afgebroken
> $ locale-en_US apt-cache --with-source /tmp/tmp.VtKyaCzPyr/Packages show
> dseomn-standard
> /usr/include/c++/14/bits/stl_vector.h:1130: std::vector<_Tp,
> _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](size_type) [with _Tp
> = pkgCacheGenerator::VersionExtra; _Alloc =
> std::allocator<pkgCacheGenerator::VersionExtra>; reference =
> pkgCacheGenerator::VersionExtra&; size_type = long unsigned int]: Assertion
> '__n < this->size()' failed.
> Afgebroken
>
Sorry that's quite clearly my fault; I created an array at runtime
indexed by version IDs, and I create items in it when allocating
versions, but when volatile sources are used; versions already are
allocated so I don't grow it accordingly.
This only applies when the volatile source contains the same version
as another source, as then it tries to compare their SHA256 values
(which are only stored in that run time array).
I figured that out on my phone yesterday, but it took a while to
get back to my laptop.
I haven't managed to find a test case yet, but the fix for this
should be:
diff --git a/apt-pkg/pkgcachegen.cc b/apt-pkg/pkgcachegen.cc
index 6e115e4f4..d6ba7bd99 100644
--- a/apt-pkg/pkgcachegen.cc
+++ b/apt-pkg/pkgcachegen.cc
@@ -396,7 +396,7 @@ bool pkgCacheGenerator::MergeListVersion(ListParser &List,
pkgCache::PkgIterator
if (List.SameVersion(Hash, Ver))
{
// We do not have SHA256 for both, so we cannot compare them,
trust the call from SameVersion()
- if (ListSHA256.empty() || VersionExtra[Ver->ID].SHA256[0] == 0)
+ if (ListSHA256.empty() || Ver->ID >= VersionExtra.size() ||
VersionExtra[Ver->ID].SHA256[0] == 0)
break;
// We have SHA256 for both, so they must match.
if (ListSHA256 ==
std::string_view(VersionExtra[Ver->ID].SHA256, 64))
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
