Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.9.0 2024-03-21T21:31:04Z 2024-03-21T21:31:04Z Julian Andres Klode julian.klode@canonical.com 2024-03-21T21:28:44Z urn:sha1:88e55d1b7237e6c3b5689b7ce154ef98b11fbf74 If we get called twice with the same offset, our d->Start and d->iOffset will already point at the offset for the next section. But since we have the start of the last parsed section still in the buffer, just make sure to always go back to the start first. Closes: #1067440 2024-02-20T12:49:04Z Julian Andres Klode julian.klode@canonical.com 2024-02-20T12:43:08Z urn:sha1:40a75722c43ae24cb9a99d6730a3b25b65819c49 This was automated with sed and git-clang-format, and then I had to fix up the top of policy.cc by hand as git-clang-format accidentally indented it by two spaces. 2022-04-01T12:16:19Z David Kalnischkies david@kalnischkies.de 2022-04-01T11:45:09Z urn:sha1:472376be6818b5ea43250abcbecfcab53b4a729a The speed critical paths were converted earlier, but the remaining could benefit a tiny bit from this as well especially as we have the facility now available and can therefore brush up the code in various places in the process as well. Also takes the time to add the hidden Exists method advertised in the headers, but previously not implemented. 2022-04-01T12:16:19Z David Kalnischkies david@kalnischkies.de 2022-03-28T16:05:44Z urn:sha1:0b156cd1711a5e27643b941f5a321a62e5a9b628 FindS has a APT::StringView based API nowadays, so we can avoid these explicit calls also allowing us to avoid the std::string in input or output entirely or at least move it a few branches down. 2020-02-26T17:12:18Z David Kalnischkies david@kalnischkies.de 2020-02-20T11:49:15Z urn:sha1:110078022a6c6103be8f557aef1e268c4b680d88 No sensible file should include these, but even insensible files do not gain unfair advantages with it as this parser does not deal with security critical files before they haven't passed other checks like signatures or hashsums. The problem is that the parser accepts and parses empty tag names correctly, but does not store the data parsed which will effect later passes over the data resulting e.g. in the following tag containing the name and value of the previous (empty) tag, its own tagname and its own value or a crash due to an attempt to access invalid memory depending on who passes over the data and what is done with it. This commit fixes both, the incidient of the crash reported by Anatoly Trosinenko who reproduced it via apt-sortpkgs: | $ cat /tmp/Packages-null | 0: | PACKAGE:0 | | : | PACKAGE: | | PACKAGE:: | $ apt-sortpkgs /tmp/Packages-null and the deeper parsing issue shown by the included testcase. Reported-By: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> References: 8710a36a01c0cb1648926792c2ad05185535558e 2020-02-20T12:35:51Z Julian Andres Klode julian.klode@canonical.com 2020-02-20T12:34:37Z urn:sha1:5bdb1892514c641fb0ebcc3103e6f503cdd4b04b Check that the index we're going to use is within the size of the array. 2020-02-20T12:35:27Z Julian Andres Klode julian.klode@canonical.com 2020-02-20T12:25:10Z urn:sha1:942be407ee8b6ca1089ed9c2f135ca4ed89c44fc This fixes a segmentation fault trying to read from nullptr+1, aka address 1. 2019-04-16T10:59:54Z David Kalnischkies david@kalnischkies.de 2019-04-14T23:56:20Z urn:sha1:febbe5e33b2105c8f40006a4b92ab5aa169aa03c warning: but ‘pkgTagFilePrivate::FileChunk::FileChunk(bool, size_t)’ does not throw; perhaps it should be declared ‘noexcept’ [-Wnoexcept] Reported-By: gcc-9 Gbp-Dch: Ignore 2019-02-26T15:31:20Z Julian Andres Klode julian.klode@canonical.com 2019-02-26T11:14:59Z urn:sha1:975316780b2ba3d4e60592fac9d4eb99ffc4c924 2019-02-01T13:51:56Z David Kalnischkies david@kalnischkies.de 2019-02-01T13:51:56Z urn:sha1:5caa8cac3bc0ffa8b5360f3e5d5c84e710eb394b Implementing a parser with recursion isn't the best idea, but in practice we should get away with it for the time being to avoid needless codechurn. Closes: #920317 #921037