Description of problem:
See Steps to Reproduce

Version-Release number of selected component (if applicable):
zip-2.3-27.

How reproducible:
Always

Steps to Reproduce:
1. dd if=/dev/zero of=largeFile bs=1M count=5000
2. zip largeFile.zip largeFile => Segmentation fault
3.

Actual results:
Segmentation fault

Expected results:
Zip either creates the archive or outputs "File too large" error message

Additional info:
This bug appears only on ppc64 and x86_64, on other systems it results in:

zip largeFile.zip largeFile
zip warning: file too large:
zip warning: name not matched: largeFile
adding: largeFile (deflated 100%)
Attaching valgrind output yet:

==20780== Memcheck, a memory error detector.
==20780== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==20780== Using LibVEX rev 1575, a library for dynamic binary translation.
==20780== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==20780== Using valgrind-3.1.1, a dynamic binary instrumentation framework.
==20780== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==20780== For more details, rerun with: -v
==20780==
==20780== Invalid read of size 1
==20780==    at 0xFF8CFA0: strlen (mac_replace_strmem.c:243)
==20780==    by 0x44A5050: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1CA0: buffered_vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1F74: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A9EB8: fprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x100012A8: (within /usr/bin/zip)
==20780==    by 0x1000A960: (within /usr/bin/zip)
==20780==    by 0x1000312C: (within /usr/bin/zip)
==20780==    by 0x447A888: (below main) (in /lib/tls/libc-2.3.4.so)
==20780==  Address 0x3 is not stack'd, malloc'd or (recently) free'd
==20780==
==20780== Process terminating with default action of signal 11 (SIGSEGV)
==20780==  Access not within mapped region at address 0x3
==20780==    at 0xFF8CFA0: strlen (mac_replace_strmem.c:243)
==20780==    by 0x44A5050: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1CA0: buffered_vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1F74: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A9EB8: fprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x100012A8: (within /usr/bin/zip)
==20780==    by 0x1000A960: (within /usr/bin/zip)
==20780==    by 0x1000312C: (within /usr/bin/zip)
==20780==    by 0x447A888: (below main) (in /lib/tls/libc-2.3.4.so)
==20780==
==20780== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 1)
==20780== malloc/free: in use at exit: 72 bytes in 5 blocks.
==20780== malloc/free: 12 allocs, 7 frees, 1,719 bytes allocated.
==20780== For counts of detected errors, rerun with: -v
==20780== searching for pointers to 5 not-freed blocks.
==20780== checked 379,532 bytes.
==20780==
==20780== LEAK SUMMARY:
==20780==    definitely lost: 0 bytes in 0 blocks.
==20780==      possibly lost: 0 bytes in 0 blocks.
==20780==    still reachable: 72 bytes in 5 blocks.
==20780==         suppressed: 0 bytes in 0 blocks.
==20780== Reachable blocks (those to which a pointer was found) are not shown.
==20780== To see them, rerun with: --show-reachable=yes
Segmentation fault
Created attachment 138045
proposed patch
Putting on the proposed list.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-1040.html