Package: deb-gview
Version: 0.2.10
Severity: important

Hi!

The program does not support LFS .deb packages, neither large ar
members nor large tar entry files.

The following is a non-exhaustive list of issues I've spotted by code
staring, there might be many others:

 - struct DV_s::skip uses gulong, and assignments to it using stuff
   like g_ascii_strtod().
 - parseheaderlength() uses gulong and strtoul() to parse the size,
   which will truncate on 32-bit systems.
 - prepare_contents() uses gulong and strtoul() for byes_left,
   uses gsize for bytesread and seek, which will get truncated.
 - dv_archive_open() will try to allocate and initialize (!) a buffer
   as large as the member size, which will not fit on the address
   space of a 32-bit system.
 - dv_archive_read() will try to slurp the entire member into memory
   which might not fit on the address space of a 32-bit system.

To test at least the LFS in the ar container you can use the t-deb-lfs
test cases in the dpkg/pkg-tests.git repo, generated with «make build».

Thanks,
Guillem
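
Added example, not part of the original report and not deb-gview's own code: a sketch of parsing the 10-character decimal size field of an ar member header into a fixed 64-bit type, checking whether the value is representable in a 32-bit unsigned long, and counting fixed-size chunks for reading the member piecewise instead of allocating a buffer of the full member size. The function names, the 64 KiB chunk size and the sample field are assumptions constructed for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AR_SIZE_FIELD_LEN 10   /* width of the size field in an ar member header */
#define CHUNK_SIZE 65536u      /* assumed streaming buffer size */

/* Hypothetical helper: parse the space-padded decimal size field.
 * Ten decimal digits are at most 9999999999, which always fits in
 * 64 bits, so the accumulation below cannot overflow.
 * Returns 0 on success, -1 on malformed input. */
int ar_parse_size64(const char *field, uint64_t *out)
{
    uint64_t v = 0;
    size_t i = 0;

    while (i < AR_SIZE_FIELD_LEN && field[i] >= '0' && field[i] <= '9') {
        v = v * 10 + (uint64_t)(field[i] - '0');
        i++;
    }
    if (i == 0)
        return -1;                      /* no digits at all */
    for (; i < AR_SIZE_FIELD_LEN; i++)
        if (field[i] != ' ')
            return -1;                  /* junk after the digits */
    *out = v;
    return 0;
}

/* Is the size representable in a 32-bit unsigned long? */
int ar_size_fits_u32(uint64_t size) { return size <= UINT32_MAX; }

/* Number of CHUNK_SIZE reads needed to consume the member piecewise. */
uint64_t ar_chunk_count(uint64_t size)
{
    return size / CHUNK_SIZE + (size % CHUNK_SIZE != 0);
}

int main(void)
{
    const char field[] = "5368709120";  /* constructed sample: a 5 GiB member */
    uint64_t size;

    if (ar_parse_size64(field, &size) != 0)
        return 1;
    printf("size=%" PRIu64 " fits_u32=%d chunks=%" PRIu64 "\n",
           size, ar_size_fits_u32(size), ar_chunk_count(size));
    return 0;
}
```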

