gunzip store trouble identified
From: Marcus Brinkmann
Subject: gunzip store trouble identified
Date: Mon, 11 Mar 2002 23:36:56 +0100
User-agent: Mutt/1.3.27i

Hi,

I figured out what's wrong with the gunzip store.

The compressed file is 566 bytes. Now, zread in gunzip() in gunzip.c does
try to read in chunks of 256kb (IN_BUFFERING). This means, store_read is
called with amount being 256kb. Because the size of the first run is
smaller than that, store_read tries to read from multiple stores. Because
in this case store_next_run is called, and store_next_run wraps around, this
will succeed. Now, store_read returns 256kb, and that wrecks things in
zread badly. in_buf_addr will now be larger than the size of the store,
and, lo and behold, the calculation of maxaddr will underflow, leading to a
maxaddr of around 2^32 minus something (something being 256kb - 566 or so).
The next read will read past the end of the store and trigger the EIO.

Again, finding the right place to fix that is a bit of a problem. Only
reading up to maxread defeats the purpose of in_buffering. Maybe store_read
should not wrap around (I am not sure why it does?).

Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann GNU http://www.gnu.org marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de
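
The underflow described in the message, as an added example that is not part of the original post and is not the Hurd's libstore code. It is a simplified model: the function names wrapping_read, bounded_read, remaining_unchecked and remaining_checked are hypothetical, offsets are counted in bytes and held in 32-bit unsigned integers, and only the 566-byte size and the 256kb IN_BUFFERING chunk come from the message.

```c
#include <stdint.h>
#include <stdio.h>

#define STORE_SIZE   566u             /* compressed file size from the message */
#define IN_BUFFERING (256u * 1024u)   /* read-ahead chunk size from the message */

typedef uint32_t (*read_fn)(uint32_t addr, uint32_t amount);

/* Hypothetical model of a read that wraps to the first run when the
   request runs past the last one: it always delivers the full amount. */
static uint32_t wrapping_read(uint32_t addr, uint32_t amount)
{
    (void)addr;
    return amount;
}

/* Hypothetical model of a read that stops at the end of the store. */
static uint32_t bounded_read(uint32_t addr, uint32_t amount)
{
    uint32_t left = addr < STORE_SIZE ? STORE_SIZE - addr : 0;
    return amount < left ? amount : left;
}

/* Unchecked: advance by whatever the read returned, then subtract. */
static uint32_t remaining_unchecked(read_fn rd)
{
    uint32_t in_buf_addr = 0;
    in_buf_addr += rd(in_buf_addr, IN_BUFFERING);
    return STORE_SIZE - in_buf_addr;   /* wraps if in_buf_addr > STORE_SIZE */
}

/* Checked: refuse a position past the end instead of subtracting. */
static int remaining_checked(read_fn rd, uint32_t *remaining)
{
    uint32_t in_buf_addr = 0;
    in_buf_addr += rd(in_buf_addr, IN_BUFFERING);
    if (in_buf_addr > STORE_SIZE)
        return -1;                     /* short store, over-long read */
    *remaining = STORE_SIZE - in_buf_addr;
    return 0;
}

int main(void)
{
    uint32_t r = 0;
    printf("wrapping, unchecked: %lu\n", (unsigned long)remaining_unchecked(wrapping_read));
    printf("bounded,  unchecked: %lu\n", (unsigned long)remaining_unchecked(bounded_read));
    printf("wrapping, checked:   %d\n", remaining_checked(wrapping_read, &r));
    return 0;
}
```

With the wrapping read the unchecked subtraction yields 2^32 - (256kb - 566); with the bounded read, or with the explicit comparison before subtracting, the reader sees end of store instead.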