Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 50074 - gzip and gzip-x86 have an integer overflow in gunzip -l output
Summary: gzip and gzip-x86 have an integer overflow in gunzip -l output
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Linux bug wranglers
URL: http://www.gzip.org/#faq10
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-05-04 23:59 UTC by Robin Johnson
Modified: 2004-05-06 00:17 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-05-04 23:59:41 UTC
gunzip -l is using a 32bit integer for a 64 bit value somewhere, and this causes incorrect output. see the reproduce steps.

Reproducible: Always
Steps to Reproduce:
1. dd if=/dev/zero bs=1M count=4 | gzip -1c >test.small
2. dd if=/dev/zero bs=1M count=4098 | gzip -1c >test.big
3. gunzip -l test.small test.big
Actual Results:  
         compressed        uncompressed  ratio uncompressed_name
               4098             4194304  99.9% test.small
           18744093             2097152 -793.8% test.big
           18748191             6291456 -198.0% (totals)

note the massively incorrect value for test.big. this stays EVEN if gzip is 
forcibly compiled with --enable-largefile in the ebuild.

Expected Results:  
display correct results! use a 64 bit integer for the large value.

Portage 2.0.50-r6 (default-x86-1.4, gcc-3.3.3, glibc-2.3.3_pre20040207-r0, 
2.6.5-rc1-mm1)
=================================================================
System uname: 2.6.5-rc1-mm1 i686 AMD Athlon(TM) XP 2200+
Gentoo Base System version 1.4.9
distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r3
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -mcpu=athlon-xp -O3 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2
/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm
/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /us
r/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/alias /var/qm
ail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -mcpu=athlon-xp -O3 -pipe"
DISTDIR="/usr/gentoo-distfiles"
FEATURES="autoaddcvs buildpkg ccache cvs digest distcc sandbox"
GENTOO_MIRRORS="http://gentoo.ccccom.com http://gentoo.seren.com/gentoo"
MAKEOPTS="-j8"
PKGDIR="/usr/gentoo-packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/gentoo-cvs/gentoo-x86"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X aalib acl acpi alsa amd apache2 apm arts berkdb bots cdr 
clearpasswd crypt curl directfb dvd encode esd ethereal expat fbcon gd gdbm gif 
gmtfull gmthigh gmtsuppl gmttria gpm gtkhtml imap imlib ipalias ipv6 jikes jpeg 
junit kde ldap libg++ libwww lirc mad maildir mcal md5sum mikmod mmx motif 
mozilla mpeg mpi multilib nas ncurses nls oav offensive oggvorbis ospfapi oss 
pam pcap pdflib perl pic png pnp python qhull qt readline samba scanner sdl 
slang slp snmp socks5 spell sse ssl tcpd tetex tiff truetype type1 ungif usagi 
usb v4l vscan wmf wxwindows x86 xml xml2 xmms xv zlib"
Comment 1 Daniel Black (RETIRED) gentoo-dev 2004-05-06 00:17:16 UTC
submitted bug report upstream. Well found.