Bug#509170: marked as done (gzrecover can pass incorrect info about buffer size to zlib)

Sun, 27 Mar 2011 22:36:17 -0700 

Your message dated Mon, 28 Mar 2011 05:32:09 +0000
with message-id <[email protected]>
and subject line Bug#509170: fixed in gzrt 0.5-2
has caused the Debian Bug report #509170,
regarding gzrecover can pass incorrect info about buffer size to zlib
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
509170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509170
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: zlib1g
Version: 1:1.2.3.3.dfsg-12
Severity: normal

gzrecover (from gzrt) crashes with a SIGSEGV in inflate from zlib when
trying to recover the attached flasm_1.61-1.diff.gz (corrupted with 1
bit - byte 0xB41 should be 0x02 not 0x12). It crashes half way through
the output of the recovered file. gzrecover also crashes in inflate with
the non-corrupted version (also attached). Backtraces for both below...

The backtrace for the non-corrupted version:

(gdb) bt
#0  0x00007fb864c339cc in inflate (strm=0x7fff6d05a0f0, flush=0) at 
inflate.c:782
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff6d05a288) at gzrecover.c:253
(gdb) bt full
#0  0x00007fb864c339cc in inflate (strm=0x7fff6d05a0f0, flush=0) at 
inflate.c:782
        next = (unsigned char *) 0x7fb764f40e3f <Address 0x7fb764f40e3f out of 
bounds>
        put = (
    unsigned char *) 0xd95050 "m\017\017w#�]rm-1.61.orig/debian/dirs\n+++ 
flasm-1.61/debian/dirs\n@@ -0,0 +1,2 @@\n+etc\n+usr/bin\n--- 
flasm-1.61.orig/debian/docs\n+++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        have = 4294959036
        left = 65536
        hold = 0
        bits = 0
        in = <value optimized out>
        out = 65536
        copy = 4200016
        from = (unsigned char *) 0x7fff6d05a080 "��\005m�\177"
        len = 14307540
        ret = 0
        hbuf = "��\005m"
        order = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 
15}
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff6d05a288) at gzrecover.c:253
        opt = -1
        rc = 1
        ifd = 5
        ofd = 6
        founderr = 0
        foundgood = 1
        bytes_read = 3561
        errpos = 1048575
        errinc = 0
        infile = 0x7fff6d05b55a "flasm_1.61-1.diff"
        inbuf = (unsigned char *) 0x7fb864f3e010 "\037\213\b"
        outbuf = (
    unsigned char *) 0xd95050 "m\017\017w#�]rm-1.61.orig/debian/dirs\n+++ 
flasm-1.61/debian/dirs\n@@ -0,0 +1,2 @@\n+etc\n+usr/bin\n--- 
flasm-1.61.orig/debian/docs\n+++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        d_stream = {next_in = 0x7fb764f40e3f <Address 0x7fb764f40e3f out of 
bounds>, avail_in = 4294959036, total_in = 0, 
  next_out = 0xd95050 "m\017\017w#�]rm-1.61.orig/debian/dirs\n+++ 
flasm-1.61/debian/dirs\n@@ -0,0 +1,2 @@\n+etc\n+usr/bin\n--- 
flasm-1.61.orig/debian/docs\n+++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"..., avail_out = 65536, total_out = 
0, msg = 0x0, state = 0xda5060, zalloc = 0x7fb864c329d0 <zcalloc>, 
  zfree = 0x7fb864c329c0 <zcfree>, opaque = 0x0, data_type = 0, adler = 1, 
reserved = 0}

The backtrace for the corrupted version:

(gdb) bt
#0  0x00007ff5fa8df9cc in inflate (strm=0x7fff02d04d90, flush=0) at 
inflate.c:782
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff02d04f28) at gzrecover.c:253
(gdb) bt full
#0  0x00007ff5fa8df9cc in inflate (strm=0x7fff02d04d90, flush=0) at 
inflate.c:782
        next = (unsigned char *) 0x7ff4fabec481 <Address 0x7ff4fabec481 out of 
bounds>
        put = (unsigned char *) 0x1000050 "�", '�' <repeats 116 times>, 
"\210\201/\177�++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        have = 4294961530
        left = 65536
        hold = 0
        bits = 0
        in = <value optimized out>
        out = 65536
        copy = 4200016
        from = (unsigned char *) 0x7fff02d04d20 "`M�\002�\177"
        len = 16842964
        ret = 0
        hbuf = "`M�\002"
        order = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 
15}
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff02d04f28) at gzrecover.c:253
        opt = -1
        rc = 1
        ifd = 5
        ofd = 6
        founderr = 0
        foundgood = 1
        bytes_read = 3561
        errpos = 1048575
        errinc = 0
        infile = 0x7fff02d06556 "flasm_1.61-1.diff"
        inbuf = (unsigned char *) 0x7ff5fabea010 "\037\213\b"
        outbuf = (unsigned char *) 0x1000050 "�", '�' <repeats 116 times>, 
"\210\201/\177�++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        d_stream = {next_in = 0x7ff4fabec481 <Address 0x7ff4fabec481 out of 
bounds>, avail_in = 4294961530, total_in = 0, 
  next_out = 0x1000050 "�", '�' <repeats 116 times>, "\210\201/\177�++ 
flasm-1.61/debian/docs\n@@ -0,0 +1,3 @@\n+flasm.html\n+classic.css\n+logo.gif 
\n"..., avail_out = 65536, 
  total_out = 0, msg = 0x0, state = 0x1010060, zalloc = 0x7ff5fa8de9d0 
<zcalloc>, zfree = 0x7ff5fa8de9c0 <zcfree>, opaque = 0x0, data_type = 0, adler 
= 1, reserved = 0}


-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages zlib1g depends on:
ii  libc6                         2.7-16     GNU C Library: Shared libraries

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Attachment: flasm_1.61-1.diff.gz
Description: corrupted

Attachment: flasm_1.61-1.diff.gz
Description: non-corrupted

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
--- Begin Message --- 
Source: gzrt
Source-Version: 0.5-2

We believe that the bug you reported is fixed in the latest version of
gzrt, which is due to be installed in the Debian FTP archive:

gzrt_0.5-2.debian.tar.gz
  to main/g/gzrt/gzrt_0.5-2.debian.tar.gz
gzrt_0.5-2.dsc
  to main/g/gzrt/gzrt_0.5-2.dsc
gzrt_0.5-2_amd64.deb
  to main/g/gzrt/gzrt_0.5-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Wise <[email protected]> (supplier of updated gzrt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Mar 2011 13:18:42 +0800
Source: gzrt
Binary: gzrt
Architecture: source amd64
Version: 0.5-2
Distribution: unstable
Urgency: low
Maintainer: Paul Wise <[email protected]>
Changed-By: Paul Wise <[email protected]>
Description: 
 gzrt       - gzip recovery toolkit
Closes: 509170 615424
Changes: 
 gzrt (0.5-2) unstable; urgency=low
 .
   * Use Homepage instead of putting it in the description (Closes: #615424)
   * Until policy changes install the ChangeLog to changelog.gz
   * Now complies with latest policy, bump Standards-Version
   * Fix segfaults with some files (Closes: #509170)
   * Reference the correct version of the GPL
   * Switch to debhelper 7 and dh
   * Correct memory and fd leaks
   * Correct 3 gcc warnings
Checksums-Sha1: 
 2d93fb9ebabc5ea07f53c8c4bfdbdc5b70239ffd 993 gzrt_0.5-2.dsc
 672f0a9f4f68fe858b870ba6d13a82837853f47c 3233 gzrt_0.5-2.debian.tar.gz
 94553042a9b4450c5b6f222e680a7fefea11d5b6 8754 gzrt_0.5-2_amd64.deb
Checksums-Sha256: 
 1bce81ad410d72f5a655de6da331e3559e0bb0ac02e71796def974c71e825210 993 
gzrt_0.5-2.dsc
 c1da28ed2098f2cf401f56456eb60ffa4845f82e54c109312af7397263aedf4c 3233 
gzrt_0.5-2.debian.tar.gz
 97af668250f9bd753c78dbcce5145d5039f36ccfd828284b225671e525a78fcc 8754 
gzrt_0.5-2_amd64.deb
Files: 
 0d17a83d1b43964adc11d39378ad1926 993 utils optional gzrt_0.5-2.dsc
 e535830b33b523e04e1c517f26299bd3 3233 utils optional gzrt_0.5-2.debian.tar.gz
 61357272ff27c4aa16d228f737c4364d 8754 utils optional gzrt_0.5-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2QGvAACgkQ5Sc9mGvjxCM8MwCePRufooW5oNKX7w7TUhyjPGCL
TLYAn3FBfEAoJLWVB5zOHC8qb52FN58t
=5Q1c
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to