Recent changes to 77: zipnote: Segfault during write operationhttps://sourceforge.net/p/infozip/bugs/77/Recent changes to 77: zipnote: Segfault during write operationenTue, 22 Apr 2025 22:29:27 -0000zipnote: Segfault during write operationhttps://sourceforge.net/p/infozip/bugs/77/<div class="markdown_content"><p>Hello. This is Debian Bug #952509 and this is the full URL for the bug:</p> <p><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952509" rel="nofollow">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952509</a></p> <p>Follows a summary of the bug.</p> <p>(Note: I'm also attaching the reconstructed "crash00.zip" file which was provided later in the Debian bug)</p> <p>koala writes:</p> <div class="codehilite"><pre><span></span><code><span class="nv">A</span><span class="w"> </span><span class="nv">segfault</span><span class="w"> </span><span class="nv">during</span><span class="w"> </span><span class="nv">the</span><span class="w"> </span><span class="nv">write</span><span class="w"> </span><span class="nv">operation</span><span class="w"> </span><span class="nv">with</span><span class="w"> </span><span class="nv">zipnote</span><span class="w"> </span><span class="nv">version</span><span class="w"> </span><span class="mi">3</span>.<span class="mi">0</span> <span class="nv">How</span><span class="w"> </span><span class="nv">to</span><span class="w"> </span><span class="nv">reproduce</span><span class="w"> </span><span class="nv">the</span><span class="w"> </span><span class="nv">bug</span><span class="w"> </span>: <span class="mi">1</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="nv">zipnote</span><span class="w"> </span><span class="nv">crash00</span>.<span class="nv">zip</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="nv">note</span> <span class="mi">2</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="nv">zipnote</span><span class="w"> </span><span class="o">-</span><span class="nv">w</span><span class="w"> </span><span class="nv">crash00</span>.<span class="nv">zip</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="nv">note</span> <span class="nv">The</span><span class="w"> </span><span class="nv">execution</span><span class="w"> </span><span class="nv">trace</span><span class="w"> </span><span class="k">show</span><span class="w"> </span><span class="nv">a</span><span class="w"> </span><span class="nv">memcpy</span><span class="w"> </span><span class="nv">with</span><span class="w"> </span><span class="nv">the</span><span class="w"> </span><span class="nv">wrong</span><span class="w"> </span><span class="nv">size</span><span class="w"> </span>: ###################################### <span class="nv">free</span><span class="ss">(</span><span class="mi">0</span><span class="nv">x559aff234480</span><span class="ss">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&lt;</span><span class="nv">void</span><span class="o">&gt;</span> <span class="nv">free</span><span class="ss">(</span><span class="mi">0</span><span class="nv">x559aff2343a0</span><span class="ss">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&lt;</span><span class="nv">void</span><span class="o">&gt;</span> <span class="nv">fclose</span><span class="ss">(</span><span class="mi">0</span><span class="nv">x559aff234150</span><span class="ss">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span> <span class="nv">ftello64</span><span class="ss">(</span><span class="mi">0</span><span class="nv">x559aff233280</span>,<span class="w"> </span><span class="mi">1</span>,<span class="w"> </span><span class="mi">0</span>,<span class="w"> </span><span class="mi">0</span><span class="nv">x559aff233010</span><span class="ss">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">124</span> <span class="nv">malloc</span><span class="ss">(</span><span class="mi">1</span><span class="ss">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="nv">x559aff234480</span> <span class="nv">memcpy</span><span class="ss">(</span><span class="mi">0</span><span class="nv">x559aff234480</span>,<span class="w"> </span><span class="s2">""</span>,<span class="w"> </span><span class="mi">0</span><span class="ss">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="nv">x559aff234480</span> <span class="nv">memcpy</span><span class="ss">(</span><span class="mi">0</span><span class="nv">x559aff234480</span>,<span class="w"> </span><span class="s2">"mples/UT\005\0\177\0\0\0\0\0\0\0\0\0\0\301\0\0\0\0\0\0\0\036\003\n"</span>...,<span class="w"> </span><span class="mi">18446744073709551605</span><span class="w"> </span><span class="o">&lt;</span><span class="nv">no</span><span class="w"> </span><span class="k">return</span><span class="w"> </span>...<span class="o">&gt;</span> <span class="o">---</span><span class="w"> </span><span class="nv">SIGSEGV</span><span class="w"> </span><span class="ss">(</span><span class="nv">Segmentation</span><span class="w"> </span><span class="nv">fault</span><span class="ss">)</span><span class="w"> </span><span class="o">---</span> </code></pre></div> </div>Santiago VilaTue, 22 Apr 2025 22:29:27 -0000https://sourceforge.nete10182935c6abfbc15ff4acfe192d9155e16da13