Debian Bug report logs - #877473
diffoscope: crashes on malformed fonts-humor-sans_1.0-2_all.deb: IndexError: string index out of range

version graph

Package: diffoscope; Maintainer for diffoscope is Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>; Source for diffoscope is src:diffoscope (PTS, buildd, popcon).

Reported by: Andreas Beckmann <anbe@debian.org>

Date: Mon, 2 Oct 2017 04:33:01 UTC

Severity: important

Found in version diffoscope/78

Fixed in version diffoscope/88

Done: Mattia Rizzolo <mattia@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>:
Bug#877473; Package diffoscope. (Mon, 02 Oct 2017 04:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>. (Mon, 02 Oct 2017 04:33:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: diffoscope: crashes on malformed fonts-humor-sans_1.0-2_all.deb: IndexError: string index out of range
Date: Mon, 02 Oct 2017 06:30:03 +0200
Package: diffoscope
Version: 78
Severity: important

$ debsnap -d . -a all fonts-humor-sans 1.0-1
$ debsnap -d . -a all fonts-humor-sans 1.0-2
$ diffoscope fonts-humor-sans_1.0-1_all.deb fonts-humor-sans_1.0-2_all.deb
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/diffoscope/main.py", line 412, in main
    sys.exit(run_diffoscope(parsed_args))
  File "/usr/lib/python3/dist-packages/diffoscope/main.py", line 384, in run_diffoscope
    difference = compare_root_paths(path1, path2)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/compare.py", line 65, in compare_root_paths
    return compare_files(file1, file2)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/compare.py", line 104, in compare_files
    return file1.compare(file2, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 351, in compare
    difference = self._compare_using_details(other, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 306, in _compare_using_details
    details.extend(self.as_container.compare(other.as_container, no_recurse=no_recurse))
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/container.py", line 169, in compare_pair
    difference = compare_files(file1, file2, source=None, diff_content_only=no_recurse)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/compare.py", line 104, in compare_files
    return file1.compare(file2, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 351, in compare
    difference = self._compare_using_details(other, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 306, in _compare_using_details
    details.extend(self.as_container.compare(other.as_container, no_recurse=no_recurse))
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/container.py", line 169, in compare_pair
    difference = compare_files(file1, file2, source=None, diff_content_only=no_recurse)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/compare.py", line 104, in compare_files
    return file1.compare(file2, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 351, in compare
    difference = self._compare_using_details(other, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 306, in _compare_using_details
    details.extend(self.as_container.compare(other.as_container, no_recurse=no_recurse))
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/container.py", line 169, in compare_pair
    difference = compare_files(file1, file2, source=None, diff_content_only=no_recurse)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/compare.py", line 104, in compare_files
    return file1.compare(file2, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 351, in compare
    difference = self._compare_using_details(other, source)
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/utils/file.py", line 297, in _compare_using_details
    details.extend(self.compare_details(other, source))
  File "/usr/lib/python3/dist-packages/diffoscope/comparators/deb.py", line 157, in compare_details
    self.path, other.path, source="line order")]
  File "/usr/lib/python3/dist-packages/diffoscope/difference.py", line 224, in from_text_readers
    **kwargs
  File "/usr/lib/python3/dist-packages/diffoscope/difference.py", line 182, in from_feeder
    unified_diff = diff(feeder1, feeder2)
  File "/usr/lib/python3/dist-packages/diffoscope/diff.py", line 252, in diff
    return run_diff(fifo1_path, fifo2_path, fifo1.end_nl_q, fifo2.end_nl_q)
  File "/usr/lib/python3/dist-packages/diffoscope/diff.py", line 209, in __exit__
    self.join()
  File "/usr/lib/python3/dist-packages/diffoscope/diff.py", line 242, in join
    raise self._exception
  File "/usr/lib/python3/dist-packages/diffoscope/diff.py", line 233, in run
    end_nl = self.feeder(fifo)
  File "/usr/lib/python3/dist-packages/diffoscope/feeders.py", line 58, in feeder
    end_nl = buf[-1] == '\n'
IndexError: string index out of range


I noticed this in a stretch(+ some buster) system, and verified it in a sid chroot
(the traceback is from sid).

fonts-humor-sans_1.0-2_all.deb seems to have a malformed md5sums file
(at least a piuparts helper script failed to parse it.)


Andreas

Information forwarded to debian-bugs-dist@lists.debian.org, Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>:
Bug#877473; Package diffoscope. (Tue, 03 Oct 2017 18:30:03 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>. (Tue, 03 Oct 2017 18:30:03 GMT) (full text, mbox, link).

Message #10 received at 877473@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: 877473@bugs.debian.org
Cc: Andreas Beckmann <anbe@debian.org>
Subject: Re: diffoscope: crashes on malformed fonts-humor-sans_1.0-2_all.deb: IndexError: string index out of range
Date: Tue, 03 Oct 2017 19:27:02 +0100
tags 877473 + pending
thanks

Fixed in Git:

  https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=70cb725deb12a2eddc4613b5e3af69ed13434bf7


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Added tag(s) pending. Request was from Chris Lamb <lamby@debian.org> to control@bugs.debian.org. (Tue, 03 Oct 2017 18:30:05 GMT) (full text, mbox, link).

Reply sent to Mattia Rizzolo <mattia@debian.org>:
You have taken responsibility. (Sat, 04 Nov 2017 16:06:05 GMT) (full text, mbox, link).

Notification sent to Andreas Beckmann <anbe@debian.org>:
Bug acknowledged by developer. (Sat, 04 Nov 2017 16:06:05 GMT) (full text, mbox, link).

Message #17 received at 877473-close@bugs.debian.org (full text, mbox, reply):

From: Mattia Rizzolo <mattia@debian.org>
To: 877473-close@bugs.debian.org
Subject: Bug#877473: fixed in diffoscope 88
Date: Sat, 04 Nov 2017 16:03:56 +0000
Source: diffoscope
Source-Version: 88

We believe that the bug you reported is fixed in the latest version of
diffoscope, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 877473@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo <mattia@debian.org> (supplier of updated diffoscope package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 04 Nov 2017 16:26:09 +0100
Source: diffoscope
Binary: diffoscope
Architecture: source
Version: 88
Distribution: unstable
Urgency: medium
Maintainer: Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>
Changed-By: Mattia Rizzolo <mattia@debian.org>
Description:
 diffoscope - in-depth comparison of files, archives, and directories
Closes: 797759 877473 877525 880279
Changes:
 diffoscope (88) unstable; urgency=medium
 .
   [ Holger Levsen ]
   * Bump standards version to 4.1.1, no changes needed.
 .
   [ Mattia Rizzolo ]
   * tests/comparators:
     + dtb: compatibility with version 1.4.5.  Closes: #880279
 .
   [ Chris Lamb ]
   * comparators:
     + binwalk: improve names in output of "internal" members.  Closes: #877525
     + Omit misleading "any of" prefix when only complaining about one module
       in ImportError messages.
   * Don't crash on malformed md5sums files.  Closes: #877473
   * tests/comparators:
     + ps: ps2ascii > 9.21 now varies on timezone, so skip this test for now.
     + dtby: only parse the version number, not any "-dirty" suffix.
   * debian/watch: use HTTPS URI.
 .
   [ Ximin Luo ]
   * comparators:
     + utils/file: diff container metadata centrally.  Closes: #797759
       This fixes a last remaining bug in fuzzy-matching across containers.
     + Fix all the affected comparators after the above change.
Checksums-Sha1:
 78952516d1b86557328590304545c331dd340722 3275 diffoscope_88.dsc
 4c26cfb04daf1f36bab3646c04a536843af5fa53 680084 diffoscope_88.tar.xz
 a6b171b4543840030b8e97ea66a9b09a38535239 19315 diffoscope_88_amd64.buildinfo
Checksums-Sha256:
 53930bba7240d52dea766af962409dd1734fa59e0ab9946db3f2690ea1ab2744 3275 diffoscope_88.dsc
 b2ecb1ae2c53a10d580732fd8eafec13154b1f862856e391d2acd45441b2c3b1 680084 diffoscope_88.tar.xz
 e4daeaad80659bf56a5cc8c260ce32811216760fdd3b1028d454d10d7908b44b 19315 diffoscope_88_amd64.buildinfo
Files:
 a07e8b42c5c667bebb6eb8041f247aff 3275 devel optional diffoscope_88.dsc
 76ce6e09fc87300e6513e79caafe4877 680084 devel optional diffoscope_88.tar.xz
 caa3f6298f8ec437b2c9c7661e2bd506 19315 devel optional diffoscope_88_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAln939YACgkQCBa54Yx2
K61UBg//RqmXTOAh6I4JpC27Ke6IeMf4KFZRSC3JcyUjY8RxZ6wczdKw77PEftB7
gxSOAzbMgcmIRq5+MdYbZgTNbYAjprfGZ6h54zcMeYSMqzECDuVZFeR4Z/kJEPX4
C2Qg01fNMu6famXDp1PYoM96sGPHr8rZLj0ONYsCt3m+Es0yd1ausD7WA0idtSGT
c0IOB3SnFL22j1zxW+bt/Z+WEpdMJ3uc4kXYnMYAmUZrOV3QIsL1jfUANHLK8KNO
Ai+Q2W259INJKfQTBzc/KfISdX9YBytsX8L9N1Gnw0HzBaA0lqH3ML/9nX35X7mq
n90wuOdrH24I4IHpYdLb2jVH0EbS3omm5ydSzsxuWFckhB/lz0fHaWA0+BHjkrEZ
18OGF7NLUJE+p6ca6kPeX4WWWnTiruJ34iICC0xDOWvf7QEyr/19tuRyr+gUtQli
6qjTtKvoLrRY+ngMicRNSBAn+aYIyyVMTBgqn5VtHHQzCCIjv/lG296ZouRoo0AA
X9jLeKTQ/TngA+EhlDWI4Q89GWwpc1afRTD6zBNyJNvo40vB4mi+KXv/dQSr7BdI
1g56aZ1llLhGpOhRWyQHLhFrWItQVywSoFzt6foyXzFdgYCDQFs7XyLKWf0VILb9
2G8xNGgVjf0mjPqF19XM8AP8oCpFAgB79cfaMc7jpF0TIf+EPw4=
=xJR+
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 08 Dec 2017 07:32:24 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 13:46:58 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.