I can reproduce this issue with attached deb file. I add testuser (uid=2097152(010000000)) and create this deb file using dpkg-deb as testuser. When I put it to current directory and run "apt-ftparchive packages .", it makes the same error. Next, I create another deb file as my account(uid=1002) and run apt-ftparchive. no error. All of process is performed in one client.
It seems that the numeric fields of tar header have the possibility to store 256bit encoding value. I also attach patch for apt 0.8.10.
test-package_1.0.deb
Description: application/debian-package
# Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: nobuhiro.haya...@gmail.com-20101203030909-\ # 5jszx42h2mgb4tkn # target_branch: nosmart+http://bzr.debian.org/apt/apt/debian-sid/ # testament_sha1: 213067bba94c2969f10b788e9a028a913319b871 # timestamp: 2010-12-03 12:18:32 +0900 # base_revision_id: m...@debian.org-20101130102328-t3e3ey1zmajl0ef6 # # Begin patch === modified file 'apt-inst/contrib/extracttar.cc' --- apt-inst/contrib/extracttar.cc 2010-06-09 09:51:21 +0000 +++ apt-inst/contrib/extracttar.cc 2010-12-03 03:09:09 +0000 @@ -195,10 +195,14 @@ // Decode all of the fields pkgDirStream::Item Itm; if (StrToNum(Tar->Mode,Itm.Mode,sizeof(Tar->Mode),8) == false || - StrToNum(Tar->UserID,Itm.UID,sizeof(Tar->UserID),8) == false || - StrToNum(Tar->GroupID,Itm.GID,sizeof(Tar->GroupID),8) == false || - StrToNum(Tar->Size,Itm.Size,sizeof(Tar->Size),8) == false || - StrToNum(Tar->MTime,Itm.MTime,sizeof(Tar->MTime),8) == false || + (Base256ToNum(Tar->UserID,Itm.UID,8) == false && + StrToNum(Tar->UserID,Itm.UID,sizeof(Tar->UserID),8) == false) || + (Base256ToNum(Tar->GroupID,Itm.GID,8) == false && + StrToNum(Tar->GroupID,Itm.GID,sizeof(Tar->GroupID),8) == false) || + (Base256ToNum(Tar->Size,Itm.Size,12) == false && + StrToNum(Tar->Size,Itm.Size,sizeof(Tar->Size),8) == false) || + (Base256ToNum(Tar->MTime,Itm.MTime,12) == false && + StrToNum(Tar->MTime,Itm.MTime,sizeof(Tar->MTime),8) == false) || StrToNum(Tar->Major,Itm.Major,sizeof(Tar->Major),8) == false || StrToNum(Tar->Minor,Itm.Minor,sizeof(Tar->Minor),8) == false) return _error->Error(_("Corrupted archive")); === modified file 'apt-pkg/contrib/strutl.cc' --- apt-pkg/contrib/strutl.cc 2010-09-28 15:27:44 +0000 +++ apt-pkg/contrib/strutl.cc 2010-12-03 03:09:09 +0000 @@ -968,6 +968,24 @@ return true; } /*}}}*/ +// Base256ToNum - Convert a fixed length binary to a number /*{{{*/ +// --------------------------------------------------------------------- +/* This is used in decoding the 256bit encoded fixed length fields in + tar files */ +bool Base256ToNum(const char *Str,unsigned long &Res,unsigned Len) +{ + int i; + if ((Str[0] & 0x80) == 0) + return false; + else + { + Res = Str[0] & 0x7F; + for(i=1; i<Len; i++) + Res = (Res<<8) + Str[i]; + return true; + } +} + /*}}}*/ // HexDigit - Convert a hex character into an integer /*{{{*/ // --------------------------------------------------------------------- /* Helper for Hex2Num */ === modified file 'apt-pkg/contrib/strutl.h' --- apt-pkg/contrib/strutl.h 2010-06-09 11:15:34 +0000 +++ apt-pkg/contrib/strutl.h 2010-12-03 03:09:09 +0000 @@ -52,6 +52,7 @@ int StringToBool(const string &Text,int Default = -1); bool ReadMessages(int Fd, vector<string> &List); bool StrToNum(const char *Str,unsigned long &Res,unsigned Len,unsigned Base = 0); +bool Base256ToNum(const char *Str,unsigned long &Res,unsigned Len); bool Hex2Num(const string &Str,unsigned char *Num,unsigned int Length); bool TokSplitString(char Tok,char *Input,char **List, unsigned long ListMax); # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWRtLgngAA4dfgHMwUX///3/n Xgq////+YAbvvLtugAFaXYaAAADFKanmqZpDExoBNqZBgEGCMgyZGhieoNKnojE9TTQaaeoNABoA AGgAAABwDCMJpiGAQDIAYRpkyYRgIaCU1E1IyPTU9TaBB6mmEBpkGgGgNNBoAHAMIwmmIYBAMgBh GmTJhGAhoJJBGgATQCGgjDU0U/0hTGJA/STRkD8qZQ0APIhFpDIpAEFCkoYlXVDXrFMtiegS4zDG Dj3pG76puFi6m6hlm2Ps7L3QpnnSUpxnSxljog6rTqEI1hQwZkM8bGVQ8TyycFT3pEftW2wytWZJ CQlRntkbfFCOxE9J4rGnCeIiKEQ8JTSYJMxhvbRLgwSwXqiY1ncpAQ1TZrb+tn7bvSPGxrdMil8o QCT1TNCiAuhiTnC4MGCxn6qiAHlRtlyE22UZoGI6a5djvkjoIgZVCRACgAwBcZswzjEC5bMBISEg 1IqVq9Gnq+JidjGlD2+7lSnjU98iR0Aw4GTDcC0nO4vXYmEbhEQLlG0uiXMLtZ11MZenqOyQALbU TuCJNskPlguGAXr/4OMw+kvHang9fFYzJJnCwfpc7R49SDWtZrHoCCgAOEOEeBJA/3nsLCA8kInE OHvYYoFSFP7lKDr2KRXak5o1j0g99bl4FX5/UgIuiHk6XLRTs+1arhqHlBE+QTLCaa80mx9hegnh 2bTMuIw8rQrKwcZFo0jnVE1Nxagh3ADxDnoHXj9hrXxeXYm/WBCgIGvInWDiIE48gXF4jvEfODyO clcCKi82m+tRKJp2ZWjF+Q4kxeYF6crSu+utz3NwlGMxGgHFwO9BDFrSplwJFBtJprAxQX2fUoKM REr8KM4NSQNBUKDPMKjodkOxpe95bJMBWWWU10jgqJjcIhqeMMRrtMiszGMDCJSs0XjkpDVjFpdB rHDhxfhaRLSdpSIEIlpkdb4JFqNUxSS3a8pXt2dYpKnIdoOdjSazAvImhxoM9ciNRhQZ4UmI4167 zApKp9Vl1+IiisckRGhTIkQmJXj78IwLrmd6Tmo+Di5MlWKhk5WQvtHCiiMAcoLuH3zP9KqyYQTa NJVpbahcJ8kJ3WkAN8kPvhjCu1iy1MOGFXQg2/BeF7nzvJN2iewvio8UHkqp2ESGdMwUagkmQqfS CMi8xiFrhLLQrWMv04ePfhAic1yCVDDOQac0iHz+/9DKdBGTDfkfcK5mYE3+UcTFmZmZicknrib+ AuInoPYLj/A2oIqZfNBdYMhopISiBrpcEmZ16huQGmHgchIYTEUy+EheCBjDgTHz8YKhqUyFwscK BgRQoCuERaCAbddIHrtDZFClOgpIFnoCdvF4rIRJBTzb/sk4Fgof6sSI7jUZHWeYjgZEBjpzNdu4 3hHhGv5HLeg5AvMggfWVdwz0H7oMjib6Ow3PEE6wOzN8TRQkibxJu8ig/q2zJl9MipEENWIuKA1H Ue7NX6y8LoOoSumYtvau54T76SEJQbYiAkK5VaK1TnkcZ8emtWB0m2zucr1AWBgiga2vxIELT38G Tjea/9piwmXimSyD0Qbqh+VwZ/+o1hV6IuUysBUJd3MoR286OcfedpFhjkSOBpQSNhpN50BWEx8F 7U4XP+LlX+kFpWgRwA9gKoPyS1E5sPdhrEMkHABgekQLrYgu0F8qJdugUqNbjxikfrntBkHcgapA 2odd9EG8sOVnl1hOG8FOI0IkThbQLKiGPRB9QjJCdd3CMKmtOKJJd2C8hFWw0U7mxjpFmI5xuFQm SGTu09VchxFBmNN0M8g5B1JYujSkwhkKkBl8AXvXQo1InB39uaB7BGZPuqogHuY6SRFp2Z6MCcIv Xyg8IIGQsgnuhEeKN4OcM8negbH8cC1DKhBiE5RQJmSeVj1Dou0MkcF2JHr1pHSo01hOUkQFUL6o GDPIpQRPXqK0X3i4py+L1ZFb9CwQYhp5+ZEweVAVUTzjaadiJ7BwJ7MJwDxXiLooPRB2OEcirjir GT6VXOgaT0602grY3h5qZTsRTpMPXfIcQYiMN2kN6CIDVea1osCILs5wkIgvMKkVkRpC7BvARTz0 3DS+1i7ksEpDiK+gpay57OFPMOM6xxwEZn3AfSKpckFboQHEmR7cHGZAuP4m3CHWC6/BIoNwQNCt qLqBpwsEe1dpy/bbxEfgdIu1aikCy1hyc7lQhRQv5LrnxEY+H/T9PUIBBvQh/8XckU4UJAbS4J4A
