Package: dpkg Version: 1.14.25 Severity: wishlist Tags: patch A debug version, packaged in the wrong way with embedded debugging information, of a non-Free and non-free, amd64-specific package contains a file whose size is larger than 2 GiB. With the patched dpkg and full --debug output, I see this file reported as:
D000010: ensure_pathname_nonexisting `/opt/mercury-main/8.1.2312.04/bin/mfb.elf.dpkg-tmp' D000100: tarobject NormalFile[01] open size=2555408759 In hex, that's 0x98507177. With the unpatched dpkg, this happens: D000010: ensure_pathname_nonexisting `/opt/mercury-main/8.1.2312.04/bin/mfb.elf.dpkg-tmp' D000100: tarobject NormalFile[01] open size=18446744071969993079 dpkg: unrecoverable fatal error, aborting: malloc failed (-1739558537 bytes): Cannot allocate memory mercury6:/tmp# dpkg-deb: subprocess paste killed by signal (Broken pipe) The big decimal number is 0xffffffff98508000. You might not care about packages containing files of such a size and, even were you to do so, I expect you'd care about them even on 32 bit platforms, the fixing of which would require greater surgery than I propose here. As programmers of taste and distinction, however, I am hoping that you care that OtoL ("octal to long") returns a long but accumulates its return value in an int, making it incapable of returning the full range of long on platforms, like amd64, where the two types differ in size. Apologies if it's a dupe. I did try to search, both with Google and plowing through the bugs presented by reportbug, but there are so many minority-interest reports for dpkg, like this one :(, that I could easily have missed it. I did check that my patch hasn't already been applied in http://git.debian.org/?p=dpkg/dpkg.git;a=blob_plain;f=lib/dpkg/tarfn.c;hb=HEAD. -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages dpkg depends on: ii coreutils 6.10-6 The GNU core utilities ii libc6 2.7-18 GNU C Library: Shared libraries ii lzma 4.43-14 Compression method of 7z format in dpkg recommends no packages. Versions of packages dpkg suggests: ii apt 0.7.20.2+lenny1 Advanced front-end for dpkg -- no debconf information
--- lib/tarfn.c.orig 2011-03-04 09:24:50.000000000 -0800 +++ lib/tarfn.c 2011-03-04 09:19:31.000000000 -0800 @@ -42,7 +42,7 @@ static long OtoL(const char * s, int size) { - int n = 0; + long n = 0; while ( *s == ' ' ) { s++;