
Bug 322047

Summary: app-arch/zip-3.0: 'zipnote -w' segfaults on certain archives
Product: Gentoo Linux Reporter: Rafał Mużyło <galtgendo>
Component: Current packages Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: normal CC: nikoli
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: zipnote input with corrected names
a more complete backtrace
a few fixes from zip3.1c + my hack

Description Rafał Mużyło 2010-05-30 02:35:35 UTC
It's a rather old bug.
For example, let's use NanumGothicCoding-2.0.zip (media-fonts/nanumfont)

(in a utf8 locale)
zipnote NanumGothicCoding-2.0.zip > NanumGothicCoding-2.0
iconv -f cp949 NanumGothicCoding-2.0 -o NanumGothicCoding-2.0.utf8 (to retrieve the names)
edit NanumGothicCoding-2.0 to put the names in (utf8 encoded)
zipnote -w NanumGothicCoding-2.0.zip < NanumGothicCoding-2.0
zipnote error: Bad file descriptor
*** glibc detected *** zipnote: free(): corrupted unsorted chunks: 0x084f3b78 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6a81f)[0xb76ed81f]
/lib/libc.so.6(+0x6c0a0)[0xb76ef0a0]
/lib/libc.so.6(cfree+0x6d)[0xb76f218d]
/lib/libc.so.6(fclose+0x152)[0xb76ddb42]
/lib/libc.so.6(perror+0xb9)[0xb76dae09]
zipnote[0x804958c]
zipnote[0x804a2a6]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7699bb6]
zipnote[0x80491c1]
======= Memory map: ========
08048000-0805a000 r-xp 00000000 103:c0000 1048694  /usr/bin/zipnote
0805a000-0805b000 r--p 00011000 103:c0000 1048694  /usr/bin/zipnote
0805b000-0805c000 rw-p 00012000 103:c0000 1048694  /usr/bin/zipnote
0805c000-0805f000 rw-p 00000000 00:00 0 
084f3000-08514000 rw-p 00000000 00:00 0          [heap]
b7300000-b7321000 rw-p 00000000 00:00 0 
b7321000-b7400000 ---p 00000000 00:00 0 
b743f000-b745b000 r-xp 00000000 103:c0000 2132904  /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b745b000-b745c000 r--p 0001b000 103:c0000 2132904  /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b745c000-b745d000 rw-p 0001c000 103:c0000 2132904  /usr/lib/gcc/i686-pc-linux-gnu/4.4.3/libgcc_s.so.1
b7482000-b7682000 r--p 00000000 103:c0000 1150122  /usr/lib/locale/locale-archive
b7682000-b7683000 rw-p 00000000 00:00 0 
b7683000-b77c1000 r-xp 00000000 103:c0000 1133447  /lib/libc-2.11.so
b77c1000-b77c3000 r--p 0013e000 103:c0000 1133447  /lib/libc-2.11.so
b77c3000-b77c4000 rw-p 00140000 103:c0000 1133447  /lib/libc-2.11.so
b77c4000-b77c7000 rw-p 00000000 00:00 0 
b77d3000-b77db000 rw-p 00000000 00:00 0 
b77e1000-b77eb000 rw-p 00000000 00:00 0 
b77eb000-b77ec000 r--p 00e19000 103:c0000 1150122  /usr/lib/locale/locale-archive
b77ec000-b77ed000 rw-p 00000000 00:00 0 
b77ed000-b77ee000 r-xp 00000000 00:00 0          [vdso]
b77ee000-b780a000 r-xp 00000000 103:c0000 1133380  /lib/ld-2.11.so
b780a000-b780b000 r--p 0001b000 103:c0000 1133380  /lib/ld-2.11.so
b780b000-b780c000 rw-p 0001c000 103:c0000 1133380  /lib/ld-2.11.so
bf987000-bf9a9000 rw-p 00000000 00:00 0          [stack]

zipnote error: Interrupted (aborting at signal 6)
^C
zipnote error: Interrupted (aborting at signal 2)
^C
^C
^C


zipnote error: Interrupted (aborting at signal 15)
Unicestwiony

Those '^C' come from attempts at terminating it, as it needs an external SIGKILL
to exit after it prints this.
Comment 1 Rafał Mużyło 2010-05-30 02:36:38 UTC
Created attachment 233473 [details]
zipnote input with corrected names
Comment 2 Rafał Mużyło 2010-05-30 03:53:37 UTC
oops, I forgot
USE="bzip2 crypt unicode"
CFLAGS="-O2 -march=athlon -mtune=athlon -pipe"
Comment 3 Rafał Mużyło 2010-06-03 15:32:18 UTC
Created attachment 233987 [details]
a more complete backtrace
Comment 4 Rafał Mużyło 2010-06-03 16:10:30 UTC
Problem seems fixed in 3.1b beta.
Comment 5 Rafał Mużyło 2012-06-12 15:50:52 UTC
Created attachment 315109 [details, diff]
a few fixes from zip3.1c + my hack

It's been a while and upstream hasn't done much during that time.

I've decided to try to extract the minimal changes from between zip30 and zip31c.

- second block in zipnote.c is the fix for the freeze
- blocks in fileio.c and zipfile.c are fixes for two other bugs, as described in zip31c tarball
- first block in zipnote.c is my hack; it's needed for a less incorrect zipnote:
  while using zipnote supporting unicode in a utf8 locale
  - without my hack, if the new name is outside ascii, it's getting interpreted
    as if it was in an 8bit locale (even though the archive unpacks without
    warnings, the names are wrong)
  - with my hack, while there's a warning of local/global mismatch, files are
    extracted with expected names

Unfortunately, the coding style of this package was a bit too convoluted for me to come up with a proper fix (at least in this attempt).
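The two encoding problems in this thread (the description's cp949 names that have to be transcoded by hand, and comment 5's "local/global mismatch" warning after a rewrite) can both be checked directly from the archive's headers. The script below is an added example, not code from the bug, from zip, or from the Gentoo package: it walks the central directory, reports for each entry whether its name carries the UTF-8 general-purpose flag (bit 11), a valid Info-ZIP Unicode Path extra field (id 0x7075), or neither (a legacy 8-bit name, decoded here as cp437 for illustration), and flags entries whose local-header name bytes differ from the central-directory copy. The sample archive is constructed in memory with Python's zipfile module using a hypothetical Korean filename, and the local header of the ASCII entry is then patched so the audit has a mismatch to find.

```python
"""Audit zip filename encoding: UTF-8 flag, Unicode Path extra field, and
local-vs-central-directory name mismatch (added example, not zip's own code)."""
import io
import struct
import zipfile
import zlib

EOCD_SIG = b"PK\x05\x06"       # end of central directory record
CEN_SIG = b"PK\x01\x02"        # central directory file header
LOC_SIG = b"PK\x03\x04"        # local file header
UTF8_FLAG = 1 << 11            # general purpose bit 11: name is UTF-8
UNICODE_PATH_ID = 0x7075       # Info-ZIP "Unicode Path" extra field


def _parse_extra(extra):
    """Split an extra-field blob into {id: payload}; ignores a truncated tail."""
    fields = {}
    pos = 0
    while pos + 4 <= len(extra):
        fid, size = struct.unpack_from("<HH", extra, pos)
        fields[fid] = extra[pos + 4:pos + 4 + size]
        pos += 4 + size
    return fields


def audit_zip_names(data):
    """Return one dict per entry: decoded name, which header field supplied it,
    whether the raw name is pure ASCII, and whether local/central names differ."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    entries, _cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    results = []
    pos = cd_off
    for _ in range(entries):
        if data[pos:pos + 4] != CEN_SIG:
            raise ValueError("bad central directory signature at %d" % pos)
        flags, = struct.unpack_from("<H", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off, = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len]
        extra = data[pos + 46 + name_len:pos + 46 + name_len + extra_len]
        pos += 46 + name_len + extra_len + comment_len

        # Local header: the name unzip actually uses when extracting.
        if data[local_off:local_off + 4] != LOC_SIG:
            raise ValueError("bad local header signature at %d" % local_off)
        local_name_len, = struct.unpack_from("<H", data, local_off + 26)
        local_name = data[local_off + 30:local_off + 30 + local_name_len]

        # Unicode Path extra field: version byte, CRC32 of the header name, UTF-8 name.
        unicode_name = None
        blob = _parse_extra(extra).get(UNICODE_PATH_ID)
        if blob and len(blob) >= 5 and blob[0] == 1:
            name_crc, = struct.unpack_from("<I", blob, 1)
            if name_crc == zlib.crc32(name):       # only trust it if it matches the name
                unicode_name = blob[5:].decode("utf-8", "replace")

        if flags & UTF8_FLAG:
            decoded, source = name.decode("utf-8", "replace"), "utf8-flag"
        elif unicode_name is not None:
            decoded, source = unicode_name, "unicode-extra"
        else:
            # What an 8-bit locale would see; cp437 is the nominal legacy encoding.
            decoded, source = name.decode("cp437"), "legacy-8bit"

        results.append({
            "name": decoded,
            "source": source,
            "ascii": name.isascii(),
            "local_mismatch": local_name != name,
        })
    return results


def build_sample():
    """Constructed sample: an ASCII entry and a non-ASCII (Korean) entry, then the
    ASCII entry's local header name is patched (same length) to differ from the
    central directory copy, mimicking a 'local/global mismatch'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hello.txt", "hi")
        zf.writestr("나눔고딕.txt", "font")   # hypothetical name; zipfile sets bit 11 for it
    data = bytearray(buf.getvalue())
    off = data.find(b"hello.txt")             # first hit is the local header (offset 30)
    data[off:off + 9] = b"hellO.txt"
    return bytes(data)


if __name__ == "__main__":
    for entry in audit_zip_names(build_sample()):
        print(entry)
```

Run against a real archive with `audit_zip_names(open(path, "rb").read())`: an entry reported as `legacy-8bit` with `ascii` False is one whose name depends on the creator's locale (the cp949 case in the description), and any `local_mismatch` True entry is one unzip will warn about and extract under the local-header name.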
Comment 6 Tony Vroon (RETIRED) gentoo-dev 2015-01-28 09:45:21 UTC
+*zip-3.0-r3 (28 Jan 2015)
+
+  28 Jan 2015; Tony Vroon <chainsaw@gentoo.org> +zip-3.0-r3.ebuild,
+  +files/zip-3.0-format-security.patch, +files/zip-3.0-zipnote-freeze.patch:
+  Upstream 3.1C fileio & zipnote changes backported by Rafał "galtgendo"
+  Mużyło, closes bug #322047. Incorrect printf usage changed to fputs by Ted
+  Tanberry, closes bug #512414.