Bug 209115 - zip segfaults by attempt to archive big file
Summary: zip segfaults by attempt to archive big file
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: zip
Version: 4.0
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: ---
Assignee: Ivana Varekova
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-10-03 12:06 UTC by Jan Lieskovsky
Modified: 2015-12-10 13:34 UTC

Fixed In Version: RHBA-2007-1040
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-11-21 12:08:05 UTC
Target Upstream Version:
Embargoed:


Attachments
proposed patch (392 bytes, patch)
2006-10-09 15:37 UTC, Ivana Varekova


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2007:1040 | 0 | normal | SHIPPED_LIVE | zip bug fix update | 2008-07-23 21:59:28 UTC

Description Jan Lieskovsky 2006-10-03 12:06:54 UTC
Description of problem:
See Steps to Reproduce

Version-Release number of selected component (if applicable):
zip-2.3-27.

How reproducible:
Always

Steps to Reproduce:
1. dd if=/dev/zero of=largeFile bs=1M count=5000
2. zip largeFile.zip largeFile => 
   Segmentation fault

3.
  
Actual results:
Segmentation fault

Expected results:
Zip either creates the archive or outputs "File too large" error message

Additional info:
This bug appears only on ppc64 and x86_64; on other systems it results in:

zip largeFile.zip largeFile
        zip warning: file too large:
        zip warning: name not matched: largeFile
  adding: largeFile (deflated 100%)

Comment 1 Jan Lieskovsky 2006-10-03 12:08:15 UTC
Attaching valgrind output as well:

==20780== Memcheck, a memory error detector.
==20780== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==20780== Using LibVEX rev 1575, a library for dynamic binary translation.
==20780== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==20780== Using valgrind-3.1.1, a dynamic binary instrumentation framework.
==20780== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==20780== For more details, rerun with: -v
==20780==
==20780== Invalid read of size 1
==20780==    at 0xFF8CFA0: strlen (mac_replace_strmem.c:243)
==20780==    by 0x44A5050: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1CA0: buffered_vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1F74: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A9EB8: fprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x100012A8: (within /usr/bin/zip)
==20780==    by 0x1000A960: (within /usr/bin/zip)
==20780==    by 0x1000312C: (within /usr/bin/zip)
==20780==    by 0x447A888: (below main) (in /lib/tls/libc-2.3.4.so)
==20780==  Address 0x3 is not stack'd, malloc'd or (recently) free'd
==20780==
==20780== Process terminating with default action of signal 11 (SIGSEGV)
==20780==  Access not within mapped region at address 0x3
==20780==    at 0xFF8CFA0: strlen (mac_replace_strmem.c:243)
==20780==    by 0x44A5050: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1CA0: buffered_vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1F74: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A9EB8: fprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x100012A8: (within /usr/bin/zip)
==20780==    by 0x1000A960: (within /usr/bin/zip)
==20780==    by 0x1000312C: (within /usr/bin/zip)
==20780==    by 0x447A888: (below main) (in /lib/tls/libc-2.3.4.so)
==20780==
==20780== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 1)
==20780== malloc/free: in use at exit: 72 bytes in 5 blocks.
==20780== malloc/free: 12 allocs, 7 frees, 1,719 bytes allocated.
==20780== For counts of detected errors, rerun with: -v
==20780== searching for pointers to 5 not-freed blocks.
==20780== checked 379,532 bytes.
==20780==
==20780== LEAK SUMMARY:
==20780==    definitely lost: 0 bytes in 0 blocks.
==20780==      possibly lost: 0 bytes in 0 blocks.
==20780==    still reachable: 72 bytes in 5 blocks.
==20780==         suppressed: 0 bytes in 0 blocks.
==20780== Reachable blocks (those to which a pointer was found) are not shown.
==20780== To see them, rerun with: --show-reachable=yes
Segmentation fault
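
An added example, not part of the original report or of the zip package: a small Python triage of a Memcheck trace like the one in Comment 1. It pulls out the faulting address, the faulting function and the first frame Memcheck could only attribute to the binary, and flags the near-zero address and the strlen-under-fprintf call path. The function name `triage` and the 4096-byte page size are assumptions.

```python
import re

# Constructed sample: the first error record of the Memcheck trace in Comment 1.
SAMPLE = """\
==20780== Invalid read of size 1
==20780==    at 0xFF8CFA0: strlen (mac_replace_strmem.c:243)
==20780==    by 0x44A5050: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1CA0: buffered_vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1F74: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A9EB8: fprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x100012A8: (within /usr/bin/zip)
==20780==    by 0x1000A960: (within /usr/bin/zip)
==20780==  Address 0x3 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+==\s?")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) (0x[0-9A-Fa-f]+): (.*)$")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is ")
PRINTF_FAMILY = {"fprintf", "vfprintf", "printf", "sprintf", "snprintf"}
PAGE_SIZE = 4096  # assumption: smallest common page size

def triage(log):
    """Return one summary dict per Invalid read/write found in a Memcheck log."""
    findings, cur = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw, count=1)
        if m := ERROR.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "frames": [], "address": None}
            findings.append(cur)
        elif cur and (m := FRAME.match(line)):
            cur["frames"].append((int(m[1], 16), m[2]))
        elif cur and (m := ADDR.match(line)):
            cur["address"] = int(m[1], 16)
            cur = None  # the Address line closes this error record
    for f in findings:
        names = [sym.split(" ")[0] for _, sym in f["frames"]]
        f["faulting_function"] = names[0] if names else None
        # First frame Memcheck attributed only to an object file, not a symbol.
        f["first_unsymbolized"] = next(
            ((pc, sym) for pc, sym in f["frames"] if sym.startswith("(within ")), None)
        f["near_null"] = f["address"] is not None and f["address"] < PAGE_SIZE
        # Heuristic: strlen reached from the printf family is the %s conversion path.
        f["string_conversion_path"] = (
            f["faulting_function"] == "strlen" and bool(PRINTF_FAMILY & set(names)))
    return findings
```

The `first_unsymbolized` address is the return site to resolve with debuginfo installed; it is the caller that handed fprintf its arguments.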


Comment 2 Ivana Varekova 2006-10-09 15:37:28 UTC
Created attachment 138045
proposed patch

Comment 5 Ivana Varekova 2007-10-26 09:20:22 UTC
Putting on the proposed list.

Comment 10 errata-xmlrpc 2007-11-21 12:08:05 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-1040.html


