The cpio code failed on AIX 4.3. This patch fixes what looks like a serious problem: the cpio code does a strlen() on strings which are not NUL-terminated. It also switches to using malloc/free rather than alloca in this code: combined, but I don't know why this is necessary. These changes make AIX 4.3 work again. (Neither alone was sufficient.)
Created attachment 10680: Fixes for cpio
Hmmm, I'd like to understand why malloc is necessary, but you're mostly on the right track here. FWIW, I know the problem well, as purify complains bitterly about the end pointer handling, first seen by me like 3 years ago. Do you have access to purify (or other malloc checker) to see what else is wrong with the silly and unnecessary import of a useless function (strtol would work just as well IMHO)? I'm tempted to just rip the function entirely.
No, I don't have purify access, sorry. Taking the function out might cause more portability problems, I don't know.
Here's a "fix" to the problem, basically equivalent to what you proposed. Will be in rpm-4.0.3-0.5. Index: lib/cpio.c =================================================================== RCS file: /cvs/devel/rpm/lib/cpio.c,v retrieving revision 2.71.2.7 diff -u -r2.71.2.7 cpio.c --- lib/cpio.c 2001/04/02 17:00:16 2.71.2.7 +++ lib/cpio.c 2001/04/17 18:09:03 @@ -209,14 +209,14 @@ if (*end) *endptr = ((char *)str) + (end - buf); /* XXX discards const */ else - *endptr = ((char *)str) + strlen(str); + *endptr = ((char *)str) + strlen(buf); return ret; } #define GET_NUM_FIELD(phys, log) \ log = strntoul(phys, &end, 16, sizeof(phys)); \ - if (*end) return CPIOERR_BAD_HEADER; + if ( (end - phys) != sizeof(phys) ) return CPIOERR_BAD_HEADER; #define SET_NUM_FIELD(phys, val, space) \ sprintf(space, "%8.8lx", (unsigned long) (val)); \ memcpy(phys, space, 8);
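Review bot: In GET_NUM_FIELD, the new test `(end - phys) != sizeof(phys)` compares a signed pointer difference with an unsigned size_t, and sizeof(phys) is the field width only while phys is an array rather than a pointer. Casting the difference, as in `(size_t)(end - phys) != sizeof(phys)`, makes the comparison explicit and avoids signed/unsigned warnings. The macro also still expands to an assignment followed by a bare `if`, so when it is used as the body of an unbraced `if` or `else` only the assignment is conditional; wrapping both statements in `do { ... } while (0)` avoids that. In the strntoul change, the else branch is reached only when `*end` is zero, so if end always points into buf, the same `(end - buf)` offset used in the first branch would serve there too and the second strlen() call could go.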