Bug#612675: libkio5: KTar class have broken UTF-8 support (longlink)

Rinat Wed, 09 Feb 2011 14:18:21 -0800

Package: libkio5
Version: 4:4.4.5-3.1
Severity: grave
Tags: patch
Justification: causes non-serious data loss


I tried to create tar by KBackup program and found
truncated names of my files in .tar. KBackup uses
KTar class for writing tar files and that class
have broken UTF-8 support, it seems.

First, tar archives have to use "longlink trick" to 
store names longer than 100 bytes. KTar class has 
functions implementing longlink, but they check name 
length in _characters_, not in bytes. For non-ASCII 
characters in UTF-8 length of string in bytes and 
length in characters do not match. In my case file 
had character-length less than 100 and byte-length 
greater than 100, so name simply truncated. Such 
behavior can be observed on non-ASCII UTF-8 or any 
other multibyte encoding. If file name is very long,
resulting .tar may become unreadable.

Second, calculation of 'chksum' field of tar header also
broken: 'buffer' array defined as char, a signed number,
while in tar sources chksum obtained as sum of unsigned
values (actually there is the trick for (unsigned char)
emulate, converting to integer and then logical and with
0xFF). May be bad checksum was reason for unreadable .tar.

In the following patch you'll find a fix for this bug.

diff -ru kde4libs-4.4.5.orig/kio/kio/ktar.cpp kde4libs-4.4.5/kio/kio/ktar.cpp
--- kde4libs-4.4.5.orig/kio/kio/ktar.cpp        2010-02-26 21:30:10.000000000 
+0300
+++ kde4libs-4.4.5/kio/kio/ktar.cpp     2011-02-09 17:43:33.084041001 +0300
@@ -661,7 +661,7 @@
   // Header check sum
   int check = 32;
   for( uint j = 0; j < 0x200; ++j )
-    check += buffer[j];
+    check += (unsigned char)buffer[j];
   s = QByteArray::number( check, 8 ); // octal
   s = s.rightJustified( 6, '0' );
   memcpy( buffer + 0x94, s.constData(), 6 );
@@ -733,7 +733,7 @@
     const QByteArray gname = group.toLocal8Bit();
 
     // If more than 100 chars, we need to use the LongLink trick
-    if ( fileName.length() > 99 )
+    if ( encodedFileName.length() > 99 )
         d->writeLonglink(buffer,encodedFileName,'L',uname,gname);
 
     // Write (potentially truncated) name
@@ -786,7 +786,7 @@
     QByteArray gname = group.toLocal8Bit();
 
     // If more than 100 chars, we need to use the LongLink trick
-    if ( dirName.length() > 99 )
+    if ( encodedDirname.length() > 99 )
         d->writeLonglink(buffer,encodedDirname,'L',uname,gname);
 
     // Write (potentially truncated) name
@@ -838,9 +838,9 @@
     QByteArray gname = group.toLocal8Bit();
 
     // If more than 100 chars, we need to use the LongLink trick
-    if (target.length() > 99)
+    if (encodedTarget.length() > 99)
         d->writeLonglink(buffer,encodedTarget,'K',uname,gname);
-    if ( fileName.length() > 99 )
+    if ( encodedFileName.length() > 99 )
         d->writeLonglink(buffer,encodedFileName,'L',uname,gname);
 
     // Write (potentially truncated) name





-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.37-rc5 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libkio5 depends on:
ii  libacl1                 2.2.49-4         Access control list shared library
ii  libattr1                1:2.4.44-2       Extended attribute shared library
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libgamin0 [libfam0]     0.1.10-2+b1      Client library for the gamin file 
ii  libgcc1                 1:4.4.5-8        GCC support library
ii  libkdecore5             4:4.4.5-3.1      the KDE Platform Core Library
ii  libkdeui5               4:4.4.5-3.1      the KDE Platform User Interface Li
ii  libqt4-dbus             4:4.6.3-4        Qt 4 D-Bus module
ii  libqt4-network          4:4.6.3-4        Qt 4 network module
ii  libqt4-svg              4:4.6.3-4        Qt 4 SVG module
ii  libqt4-xml              4:4.6.3-4        Qt 4 XML module
ii  libqtcore4              4:4.6.3-4        Qt 4 core module
ii  libqtgui4               4:4.6.3-4        Qt 4 GUI module
ii  libsolid4               4:4.4.5-3.1      Solid Library for KDE Platform
ii  libstdc++6              4.4.5-8          The GNU Standard C++ Library v3
ii  libstreamanalyzer0      0.7.2-1+b1       streamanalyzer library for Strigi 
ii  libx11-6                2:1.3.3-4        X11 client-side library
ii  libxrender1             1:0.9.6-1        X Rendering Extension client libra
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages libkio5 recommends:
ii  kdelibs5-plugins             4:4.4.5-3.1 core plugins for KDE Applications

libkio5 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110209221622.7254.23363.reportbug@acerone2

Bug#612675: libkio5: KTar class have broken UTF-8 support (longlink)

Reply via email to