Bug#616502: dpkg: "malloc failed (-1739558537 bytes): Cannot allocate memory" for file >= 2 GiB

[Martin Dorey]

Package: dpkg
Version: 1.14.25
Severity: wishlist
Tags: patch

A debug version, packaged in the wrong way with embedded debugging information, 
of a non-Free and non-free, amd64-specific package contains a file whose size 
is larger than 2 GiB.  With the patched dpkg and full --debug output, I see 
this file reported as:

D000010: ensure_pathname_nonexisting 
`/opt/mercury-main/8.1.2312.04/bin/mfb.elf.dpkg-tmp'
D000100: tarobject NormalFile[01] open size=2555408759

In hex, that's 0x98507177.  With the unpatched dpkg, this happens:

D000010: ensure_pathname_nonexisting 
`/opt/mercury-main/8.1.2312.04/bin/mfb.elf.dpkg-tmp'
D000100: tarobject NormalFile[01] open size=18446744071969993079
dpkg: unrecoverable fatal error, aborting:
 malloc failed (-1739558537 bytes): Cannot allocate memory
 mercury6:/tmp# dpkg-deb: subprocess paste killed by signal (Broken pipe)

The big decimal number is 0xffffffff98508000.

You might not care about packages containing files of such a size and, even 
were you to do so, I expect you'd care about them even on 32 bit platforms, the 
fixing of which would require greater surgery than I propose here.  As 
programmers of taste and distinction, however, I am hoping that you care that 
OtoL ("octal to long") returns a long but accumulates its return value in an 
int, making it incapable of returning the full range of long on platforms, like 
amd64, where the two types differ in size.

Apologies if it's a dupe.  I did try to search, both with Google and plowing 
through the bugs presented by reportbug, but there are so many 
minority-interest reports for dpkg, like this one :(, that I could easily have 
missed it.  I did check that my patch hasn't already been applied in 
http://git.debian.org/?p=dpkg/dpkg.git;a=blob_plain;f=lib/dpkg/tarfn.c;hb=HEAD.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=UTF-8) 
(ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dpkg depends on:
ii  coreutils                     6.10-6     The GNU core utilities
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  lzma                          4.43-14    Compression method of 7z format in

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt                      0.7.20.2+lenny1 Advanced front-end for dpkg

-- no debconf information

--- lib/tarfn.c.orig	2011-03-04 09:24:50.000000000 -0800
+++ lib/tarfn.c	2011-03-04 09:19:31.000000000 -0800
@@ -42,7 +42,7 @@
 static long
 OtoL(const char * s, int size)
 {
-	int	n = 0;
+	long	n = 0;
 
 	while ( *s == ' ' ) {
 		s++;