bin/82878: A bunch of bugs in archive_read_data of libarchive

Bjoern Koenig bkoenig at cs.tu-berlin.de
Fri Jul 1 23:20:19 GMT 2005


>Number:         82878
>Category:       bin
>Synopsis:       A bunch of bugs in archive_read_data of libarchive
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 01 23:20:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Bjoern Koenig
>Release:        FreeBSD 5.4-RELEASE-p2 i386
>Organization:
>Environment:





>Description:


There is a bunch of bugs in the function archive_read_data of libarchive that prevents tar from working correctly in case you use the @filename statement of tar (see how-to-repeat section).

I refer to src/lib/libarchive/archive_read.c of HEAD:

line 367f: The return value is a size_t, therefore there is no point to return a code. Zero might be suitable or -1 to indicate an error.

line 371: This condition is always false, because if read_data_offset will be increased in the else branch then read_data_output_offset will be increased by the same value. There is no other point in the while loop where these variables will be changed -- nothing will be filled with zeros. Is this intended and for future purposes?

line 385: Always the beginning of the whole block will be copied. For example, if we have 8192 bytes at first and the whole block has a length of 10240 bytes then there are 2048 remaining bytes. The function returns and most likely it will be called twice to get the remaining bytes, but at this point memcpy would copy the wrong bytes - the first bytes of the block again.

line 395: same as 365f.



>How-To-Repeat:


This small script demonstrates that archive_read_data doesn't work correctly. The diff command should return nothing.

--- schnipp ---
#!/bin/sh

test -f sys.tar || tar -cf sys.tar /usr/src/sys/i386
test -f newsys.tar && rm newsys.tar

tar -cf newsys.tar @sys.tar
tar -xf newsys.tar
diff -r usr/src/sys/i386 /usr/src/sys/i386
--- schnapp ---



>Fix:


I tried to make a fix, but I had no success. It seems that there are still more bugs than I enumerated.


>Release-Note:
>Audit-Trail:
>Unformatted:
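
The "line 385" problem described in the report, reproduced in a simplified model. This is an added example, not part of the original report and not libarchive's code; the struct and function names are hypothetical, and only the sizes (8192, 10240, 2048) come from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reader state: one block handed out over several calls. */
struct block_reader {
    const char *block;   /* start of the current block */
    size_t block_len;    /* total length of the block */
    size_t remaining;    /* bytes not yet delivered to the caller */
};

/* Buggy variant: counts down the remainder but always copies from the block start. */
static size_t read_buggy(struct block_reader *r, char *dst, size_t want)
{
    size_t n = want < r->remaining ? want : r->remaining;
    memcpy(dst, r->block, n);   /* source never advances */
    r->remaining -= n;
    return n;
}

/* Corrected variant: copies from the first byte that has not been delivered yet. */
static size_t read_fixed(struct block_reader *r, char *dst, size_t want)
{
    size_t n = want < r->remaining ? want : r->remaining;
    memcpy(dst, r->block + (r->block_len - r->remaining), n);
    r->remaining -= n;
    return n;
}

/* Drain a 10240-byte block through an 8192-byte buffer; return how many output bytes are wrong. */
static size_t mismatches(size_t (*fn)(struct block_reader *, char *, size_t))
{
    static char src[10240], out[10240], buf[8192];
    struct block_reader r = { src, sizeof src, sizeof src };
    size_t off = 0, n, bad = 0;
    for (size_t i = 0; i < sizeof src; i++) src[i] = (char)(i >> 8); /* constructed data */
    while ((n = fn(&r, buf, sizeof buf)) > 0) {
        memcpy(out + off, buf, n);
        off += n;
    }
    for (size_t i = 0; i < sizeof src; i++) bad += (out[i] != src[i]);
    return bad;
}

int main(void)
{
    printf("buggy: %zu wrong bytes, fixed: %zu wrong bytes\n",
           mismatches(read_buggy), mismatches(read_fixed));
    return 0;
}
```

The byte count returned to the caller is correct in both variants, so only a content comparison such as the report's `diff -r` exposes the fault.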

