Bug 1303428 - Checksum calculation may lead to memory exhaustion
Summary: Checksum calculation may lead to memory exhaustion
Status: CLOSED DUPLICATE of bug 1175759
Alias: None
Product: Fedora Documentation
Classification: Fedora
Component: install-guide   
(Show other bugs)
Version: devel
Hardware: All
OS: Windows
Target Milestone: ---
Assignee: Pete Travis
QA Contact: Fedora Docs QA
Depends On:
TreeView+ depends on / blocked
Reported: 2016-01-31 17:24 UTC by Ansgar Wiechers
Modified: 2016-02-02 14:30 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-02-02 14:30:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ansgar Wiechers 2016-01-31 17:24:19 UTC
Description of problem:

Chapter 3.3.1 of the Installation Guide[1] ("Verifying checksums on Windows systems") suggests to pass the image as a byte array to the ComputeHash() method for calculating the SHA-256 checksum:

> $download_checksum = [System.BitConverter]::ToString($sha256.ComputeHash([System.IO.File]::ReadAllBytes("$PWD\$image"))).ToLower() -replace '-', ''

This reads the entire image into memory and may thus result in memory exhaustion (System.OutOfMemoryException), depending on the size of the image and the available memory in the computer running the verification.


Read the image as a stream[2] instead of a byte array.

> $stream = (Get-Item "$PWD\$image").OpenRead()
> $hash = $sha256.ComputeHash($stream)
> $stream.Close()
> $download_checksum = [System.BitConverter]::ToString($hash).ToLower() -replace '-'

 [1]: https://docs.fedoraproject.org/en-US/Fedora/23/html/Installation_Guide/sect-verifying-images.html
 [2]: https://msdn.microsoft.com/en-us/library/xa627k19.aspx

Comment 1 Pete Travis 2016-02-02 14:30:41 UTC

*** This bug has been marked as a duplicate of bug 1175759 ***

Note You need to log in before you can comment on or make changes to this bug.