Red Hat Bugzilla – Bug 28645
Fix for cpio code
Last modified: 2007-04-18 12:31:38 EDT
The cpio code failed on AIX 4.3.
This patch fixes what looks like a serious problem: the cpio code does a
strlen() on strings which are not NUL-terminated.
It also switches to using malloc/free rather than alloca in this code:
combined, but I don't know why this is necessary.
These changes make AIX 4.3 work again. (Neither alone was sufficient.)
Created attachment 10680
Fixes for cpio
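The report above concerns fixed-width header fields that are not NUL-terminated. As an added example (not rpm's code and not the attached patch), here is one way to parse such a field without calling strlen() or strtoul() on it; the struct, field names and function names are hypothetical, and the sample images in the test are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a header made of adjacent 8-character hex
 * fields. No field is NUL-terminated; names are hypothetical. */
struct hdr_fields {
    char inode[8];
    char mode[8];
    char filesize[8];
};

/* Parse exactly `width` hex digits starting at `field`, never reading
 * past field[width - 1]. Returns 0 and stores the value in *out, or -1
 * if any byte is not a hex digit (whitespace, sign characters and
 * embedded NULs are all rejected) or the value cannot fit. */
static int parse_hex_field(const char *field, size_t width, unsigned long *out)
{
    unsigned long val = 0;
    size_t i;

    if (width == 0 || width > sizeof(val) * 2)
        return -1;                      /* would overflow unsigned long */
    for (i = 0; i < width; i++) {
        unsigned char c = (unsigned char)field[i];
        unsigned digit;
        if (c >= '0' && c <= '9')      digit = c - '0';
        else if (c >= 'a' && c <= 'f') digit = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') digit = c - 'A' + 10;
        else return -1;
        val = (val << 4) | digit;
    }
    *out = val;
    return 0;
}

/* Load a 24-byte constructed image into the struct and parse all three
 * fields; vals[] receives inode, mode, filesize in that order. */
static int parse_sample(const char *image, unsigned long vals[3])
{
    struct hdr_fields h;

    memcpy(&h, image, sizeof(h));       /* 24 bytes, no terminator copied */
    if (parse_hex_field(h.inode, sizeof(h.inode), &vals[0])) return -1;
    if (parse_hex_field(h.mode, sizeof(h.mode), &vals[1])) return -1;
    if (parse_hex_field(h.filesize, sizeof(h.filesize), &vals[2])) return -1;
    return 0;
}
```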
Hmmm, I'd like to understand why malloc is necessary, but you're mostly on the
FWIW, I know the problem well, as purify complains bitterly about the end
pointer handling, first seen by me like 3 years ago. Do you have access to
purify (or other malloc checker) to see what else is wrong with the silly
and unnecessary import of a useless function (strtol would work just as
well IMHO), I'm tempted to just rip the function entirely.
No, I don't have purify access, sorry. Taking the function out might cause more
portability problems, I don't know.
Here's a "fix" to the problem, basically equivalent to what you
proposed. Will be in rpm-4.0.3-0.5.
RCS file: /cvs/devel/rpm/lib/cpio.c,v
retrieving revision 188.8.131.52
diff -u -r184.108.40.206 cpio.c
--- lib/cpio.c 2001/04/02 17:00:16 220.127.116.11
+++ lib/cpio.c 2001/04/17 18:09:03
@@ -209,14 +209,14 @@
*endptr = ((char *)str) + (end - buf); /* XXX discards const */
- *endptr = ((char *)str) + strlen(str);
+ *endptr = ((char *)str) + strlen(buf);
#define GET_NUM_FIELD(phys, log) \
log = strntoul(phys, &end, 16, sizeof(phys)); \
- if (*end) return CPIOERR_BAD_HEADER;
+ if ( (end - phys) != sizeof(phys) ) return CPIOERR_BAD_HEADER;
#define SET_NUM_FIELD(phys, val, space) \
sprintf(space, "%8.8lx", (unsigned long) (val)); \
memcpy(phys, space, 8);
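Review bot: In GET_NUM_FIELD the new test `(end - phys) != sizeof(phys)` compares a signed pointer difference against an unsigned size, and it is only meaningful when `phys` is an array rather than a pointer; an explicit cast such as `(size_t)(end - phys) != sizeof(phys)` and a one-line comment stating the array requirement would make both assumptions visible. The macro also expands to two statements ending in a bare `if`, so it changes meaning if it is ever used as the body of an unbraced `if` or `else`; wrapping it in `do { ... } while (0)` avoids that. For the `strlen(str)` to `strlen(buf)` change, a short comment on why `buf` rather than `str` is measured (the report is that the input strings are not NUL-terminated) would keep the earlier form from being reintroduced.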