From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 28 Apr 2014 15:36:54 +0000 (+0200)
Subject: initialize Verify in second pkgAcqIndex constructor
X-Git-Tag: 1.0.4~37^2
X-Git-Url: https://git.hcoop.net/ntk/apt.git/commitdiff_plain/949d2e98a0fc00afc6e9cf78a724d0d578a3ca2a?hp=3163087b04ca5c297a7c98c018ba5c30e850a11e

initialize Verify in second pkgAcqIndex constructor

gcc reports in testcase ./test-bug-596498-trusted-unsigned-repo:
apt-pkg/acquire-item.cc:1059:7: runtime error: load of value 234, which
is not a valid value for type 'bool'

This happens as the bool Verify is initialized only in one of the two
constructors of the pkgAcqIndex class. It isn't a problem through as the
verification controlled by this flag is optional and used to fail early
on garbage files (like network portal pages) instead of later on in the
hashsum verification or while parsing (the then untrusted) file.

Reported-By: gcc-4.9 -fsanitize=undefined
---

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 30743add..0178456a 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -932,6 +932,8 @@ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
    }
    CompressionExtension = comprExt;
 
+   Verify = true;
+
    Init(URI, URIDesc, ShortDesc);
 }
 pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, IndexTarget const *Target,