gunzip store trouble identified

From: Marcus Brinkmann
Subject: gunzip store trouble identified
Date: Mon, 11 Mar 2002 23:36:56 +0100
User-agent: Mutt/1.3.27i


I figured out what's wrong with the gunzip store.

The compressed file is 566 bytes.  Now, zread in gunzip() in gunzip.c does
try to read in chunks of 256kb (IN_BUFFERING).  This means, store_read is
called with amount being 256kb.  Because the size of the first run is
smaller than that, store_read tries to read from multiple stores.  Because
in this case store_next_run is called, and store_next_run wraps around, this
will succeed.  Now, store_read returns 256kb, and that wrecks things in
zread badly.  in_buf_addr will now be larger than the size of the store,
and, lo and behold, the calculation of maxaddr will underflow, leading to a
maxaddr of around 2^32 minus something (something being 256kb - 566 or so).
The next read will read past the end of the store and trigger the EIO.

Again, finding the right place to fix that is a bit of a problem.  Only
reading up to maxread defeats the purpose of in_buffering.  Maybe store_read
should not wrap around (I am not sure why it does?).
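A constructed C model of the underflow described in the mail, added here as an illustration; it is not the Hurd's gunzip.c or libstore code. The function names, the wrap-around behaviour of store_read and the 32-bit arithmetic are assumptions; the 566-byte file and the 256 KiB IN_BUFFERING request are the figures quoted above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the failure described in the mail; it is not the
 * Hurd's libstore or gunzip.c code.  The two sizes are the ones quoted. */
#define STORE_SIZE   566u            /* the compressed file is 566 bytes      */
#define IN_BUFFERING (256u * 1024u)  /* zread asks for 256 KiB per store_read */

typedef uint32_t (*read_fn)(uint32_t addr, uint32_t amount);

/* Hypothetical store_read whose next-run lookup wraps around to the first
 * run, so a request larger than the store still "succeeds" in full. */
static uint32_t wrapping_store_read(uint32_t addr, uint32_t amount)
{
    (void)addr;
    return amount;
}

/* Hypothetical fixed variant: stop at the end of the store and return a
 * short read (0 means end of store) instead of wrapping around. */
static uint32_t clamped_store_read(uint32_t addr, uint32_t amount)
{
    if (addr >= STORE_SIZE)
        return 0;
    uint32_t left = STORE_SIZE - addr;
    return amount < left ? amount : left;
}

/* Models zread's bookkeeping after one buffered read: in_buf_addr advances
 * by what store_read returned, and maxaddr is what remains in the store.
 * Done in 32-bit unsigned arithmetic, as on the i386 Hurd of the mail, so
 * an in_buf_addr beyond the store makes the subtraction underflow to ~2^32. */
static uint32_t maxaddr_after_first_read(read_fn store_read)
{
    uint32_t in_buf_addr = 0;
    in_buf_addr += store_read(in_buf_addr, IN_BUFFERING);
    return STORE_SIZE - in_buf_addr;
}

int main(void)
{
    printf("wrapping store_read: maxaddr = %u (should never exceed 566)\n",
           maxaddr_after_first_read(wrapping_store_read));
    printf("clamped store_read:  maxaddr = %u\n",
           maxaddr_after_first_read(clamped_store_read));
    return 0;
}
```

The wrapping variant yields a maxaddr just under 2^32, so the next read runs off the end of the store; the clamped variant leaves zero bytes remaining, which is what zread needs to see.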


