Package: unzip
Version: 6.0-7
Severity: grave
Tags: upstream
Justification: causes non-serious data loss
Dear Maintainer,
Unzipping an archive gives me CRC errors and corrupt files. Please consider
adding -DNOMEMCPY to the compile line. I was merrily unzipping an
archive when I came across CRC errors for some of the extracted files:
$ unzip ../walk_network_20120628.zip
Archive: ../walk_network_20120628.zip
inflating: walk_network.shx
inflating: walk_network.dbf bad CRC b3242663 (should be 7d1b61e0)
inflating: walk_network.prj
inflating: walk_network.sbn
inflating: walk_network.sbx
inflating: walk_network.shp bad CRC 13443cc8 (should be 0adaa078)
inflating: walk_network.shp.xml
The extracted files are corrupted. I suspected a memory failure
so ran memtester with a large percentage of ram under test. Nothing
showed up and grumpyness ensued.
So I downloaded the source using apt-get source unzip, built
the unzip executable with flags -O0 -g and removed the -s
flag from the link line to not strip the resulting binaries, like so:
$ make -B -f unix/Makefile LF2="" CFLAGS="-O0 -g" unzip
[...]
Running the unzip command above under valgrind and tells me this:
$ valgrind ../unzip-6.0/unzip ../lvm_walk_network_20120628.zip
==19732== Memcheck, a memory error detector
==19732== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==19732== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==19732== Command: ../unzip-6.0/unzip ../walk_network_20120628.zip
==19732==
Archive: ../walk_network_20120628.zip
inflating: walk_network.shx
inflating: walk_network.dbf ==19732== Source and destination overlap in
memcpy(0x70dd44, 0x70dd72, 74)
==19732== at 0x4C2A690: memcpy (mc_replace_strmem.c:838)
==19732== by 0x40D377: inflate_codes (inflate.c:1021)
==19732== by 0x40E151: inflate_dynamic (inflate.c:1373)
==19732== by 0x40E2D0: inflate_block (inflate.c:1421)
==19732== by 0x40E3E7: inflate (inflate.c:1494)
==19732== by 0x408B38: extract_or_test_member (extract.c:1855)
==19732== by 0x408091: extract_or_test_entrylist (extract.c:1576)
==19732== by 0x406060: extract_or_test_files (extract.c:584)
==19732== by 0x4116D8: do_seekable (process.c:987)
==19732== by 0x410719: process_zipfiles (process.c:401)
==19732== by 0x402195: unzip (unzip.c:1253)
==19732== by 0x401B10: main (unzip.c:720)
==19732==
Looking at the source I see it choosing between memcpy() and
a hand-rolled forward copy like this:
#ifndef NOMEMCPY
if ((unsigned)w - d >= e)
/* (this test assumes unsigned comparison) */
{
memcpy(redirSlide + (unsigned)w, redirSlide + d, e);
w += e;
d += e;
}
else /* do it slowly to avoid memcpy() overlap */
#endif /* !NOMEMCPY */
do {
redirSlide[w++] = redirSlide[d++];
} while (--e);
The same style of test occurs in explode.c twice. So I added -DNOMEMCPY to
the compile line, rebuilt, and ran the unzip command again. All files were
intact without any corruption.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages unzip depends on:
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-35
unzip recommends no packages.
Versions of packages unzip suggests:
pn zip <none>
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
