On Fri, 11 Apr 2014, Tim Van Holder wrote:

> Possible points of overflow seemed like the system version (15.0, which may be
> larger than unzip expects) and file system (ntfs, shown truncated here).
> Hex-editing the zip file, changing the OS version from 0x96 (150 or 15.0) to
> 0x42 (66 or 6.6) made the crash go away, so it looks like that's the actual
> bug.
> 
> I'll attach a dummy zip file (zip -9m foo.zip bar.txt, where bar.txt is an
> empty file), where I manually hexedited the version from the default 0x1E (30
> or 3.0) to 0x82 (130 or 13.0), which reproduces the crash.

Sorry for the late reply. I plan to apply this patch:

--- a/zipinfo.c
+++ b/zipinfo.c
@@ -2114,7 +2114,7 @@
             else
                 attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-';  /* T==undefined 
*/
 
-            sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10);
+            sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10);
             break;
 
     } /* end switch (hostnum: external attributes format) */
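Review bot: In the changed sprintf line, "%2u" sets a minimum field width, not a maximum, so the write at &attribs[11] stays at four characters plus the NUL only while hostver/10 is below 100, and nothing in the hunk enforces that bound. Consider snprintf with the space remaining in attribs, or at least a comment stating the maximum value hostver can take and why index 11 is the right start. A note on the column layout would also help, since the start index and the format width now have to be changed together.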

Another way to fix this would be to make the "attribs" array larger, but
that would break scripts doing this:

zipinfo | awk '{ print substr($0,x,y) }'


I will forward this upstream.

Thanks a lot for the report.
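
The arithmetic behind the report and the fix, as an added example that is not part of the original message or of unzip's source: it computes where the terminating NUL lands for the pre-patch and patched format calls at the version bytes mentioned in the thread. `put_hostver` is a hypothetical bounded variant; the buffer size it takes is supplied by the caller, since the thread does not show the size of `attribs`.

```c
#include <stdio.h>
#include <stddef.h>

/* Index of the terminating NUL when the version text is written into the
   attribute field. snprintf(NULL, 0, ...) returns the would-be length. */
int nul_index_old(unsigned hostver)    /* pre-patch: &attribs[12], "%u.%u" */
{
    return 12 + snprintf(NULL, 0, "%u.%u", hostver / 10, hostver % 10);
}

int nul_index_new(unsigned hostver)    /* patched: &attribs[11], "%2u.%u" */
{
    return 11 + snprintf(NULL, 0, "%2u.%u", hostver / 10, hostver % 10);
}

/* Hypothetical bounded variant (not unzip code): returns 0 if the text and
   its NUL fit inside buf[size], -1 if the output had to be truncated. */
int put_hostver(char *buf, size_t size, size_t start, unsigned hostver)
{
    int n;

    if (start >= size)
        return -1;
    n = snprintf(buf + start, size - start, "%2u.%u",
                 hostver / 10, hostver % 10);
    return (n < 0 || (size_t)n >= size - start) ? -1 : 0;
}

int main(void)
{
    /* Version bytes quoted in the thread, plus 0xFF, the largest value a
       single byte can hold. */
    const unsigned samples[] = { 0x1E, 0x42, 0x82, 0x96, 0xFF };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%02X: old NUL at [%d], patched NUL at [%d]\n",
               samples[i], nul_index_old(samples[i]),
               nul_index_new(samples[i]));
    return 0;
}
```

With the old call the NUL moves one byte further out as soon as the major version needs two digits; with the patched call it stays at the same index for every one-byte version value.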

