Bug#926969: libapt-pkg: SetSignedBy can attempt to access index -1 in an array

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Bug#926969: libapt-pkg: SetSignedBy can attempt to access index -1 in an array

sam-80
Package: libapt-pkg5.0
Version: 1.4.9
Severity: normal
Tags: patch

Dear Maintainer,

In troubleshooting of another problem I found an invalid memory access testing with ASAN.  Attached is a patch to ensure this does not happen.


-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libapt-pkg5.0 depends on:
ii  libbz2-1.0  1.0.6-8.1
ii  libc6       2.24-11+deb9u3
ii  libgcc1     1:6.3.0-18+deb9u1
ii  liblz4-1    0.0~r131-2+b1
ii  liblzma5    5.2.2-1.2+b1
ii  libstdc++6  6.3.0-18+deb9u1
ii  zlib1g      1:1.2.8.dfsg-5

Versions of packages libapt-pkg5.0 recommends:
ii  apt  1.4.9

libapt-pkg5.0 suggests no packages.

-- no debconf information

apt.patch (1K) Download Attachment