Bug 209115 - zip segfaults by attempt to archive big file
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: zip
Version: 4.0
Hardware: x86_64 Linux
Priority: medium, Severity: medium
Assigned To: Ivana Varekova
Ben Levenson
Reported: 2006-10-03 08:06 EDT by Jan Lieskovsky
Modified: 2015-12-10 08:34 EST
Fixed In Version: RHBA-2007-1040
Doc Type: Bug Fix
Last Closed: 2007-11-21 07:08:05 EST
Attachments
proposed patch (392 bytes, patch)
2006-10-09 11:37 EDT, Ivana Varekova
Description Jan Lieskovsky 2006-10-03 08:06:54 EDT
Description of problem:
See Steps to Reproduce

Version-Release number of selected component (if applicable):
zip-2.3-27.

How reproducible:
Always

Steps to Reproduce:
1. dd if=/dev/zero of=largeFile bs=1M count=5000
2. zip largeFile.zip largeFile => 
   Segmentation fault

Actual results:
Segmentation fault

Expected results:
Zip either creates the archive or outputs "File too large" error message

Additional info:
This bug appears only on ppc64 and x86_64; on other systems it results
in:

zip largeFile.zip largeFile
        zip warning: file too large:
        zip warning: name not matched: largeFile
  adding: largeFile (deflated 100%)
Comment 1 Jan Lieskovsky 2006-10-03 08:08:15 EDT
Attaching valgrind output as well:

==20780== Memcheck, a memory error detector.
==20780== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==20780== Using LibVEX rev 1575, a library for dynamic binary translation.
==20780== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==20780== Using valgrind-3.1.1, a dynamic binary instrumentation framework.
==20780== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==20780== For more details, rerun with: -v
==20780==
==20780== Invalid read of size 1
==20780==    at 0xFF8CFA0: strlen (mac_replace_strmem.c:243)
==20780==    by 0x44A5050: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1CA0: buffered_vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1F74: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A9EB8: fprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x100012A8: (within /usr/bin/zip)
==20780==    by 0x1000A960: (within /usr/bin/zip)
==20780==    by 0x1000312C: (within /usr/bin/zip)
==20780==    by 0x447A888: (below main) (in /lib/tls/libc-2.3.4.so)
==20780==  Address 0x3 is not stack'd, malloc'd or (recently) free'd
==20780==
==20780== Process terminating with default action of signal 11 (SIGSEGV)
==20780==  Access not within mapped region at address 0x3
==20780==    at 0xFF8CFA0: strlen (mac_replace_strmem.c:243)
==20780==    by 0x44A5050: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1CA0: buffered_vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A1F74: vfprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x44A9EB8: fprintf (in /lib/tls/libc-2.3.4.so)
==20780==    by 0x100012A8: (within /usr/bin/zip)
==20780==    by 0x1000A960: (within /usr/bin/zip)
==20780==    by 0x1000312C: (within /usr/bin/zip)
==20780==    by 0x447A888: (below main) (in /lib/tls/libc-2.3.4.so)
==20780==
==20780== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 5 from 1)
==20780== malloc/free: in use at exit: 72 bytes in 5 blocks.
==20780== malloc/free: 12 allocs, 7 frees, 1,719 bytes allocated.
==20780== For counts of detected errors, rerun with: -v
==20780== searching for pointers to 5 not-freed blocks.
==20780== checked 379,532 bytes.
==20780==
==20780== LEAK SUMMARY:
==20780==    definitely lost: 0 bytes in 0 blocks.
==20780==      possibly lost: 0 bytes in 0 blocks.
==20780==    still reachable: 72 bytes in 5 blocks.
==20780==         suppressed: 0 bytes in 0 blocks.
==20780== Reachable blocks (those to which a pointer was found) are not shown.
==20780== To see them, rerun with: --show-reachable=yes
Segmentation fault
Comment 2 Ivana Varekova 2006-10-09 11:37:28 EDT
Created attachment 138045
proposed patch
Comment 5 Ivana Varekova 2007-10-26 05:20:22 EDT
Putting on the proposed list.
Comment 10 errata-xmlrpc 2007-11-21 07:08:05 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-1040.html
