Ticket #4561 (closed defect: fixed)

Opened 2 months ago

Last modified 7 weeks ago

tar: segfault on copy fiiles from archive

Reported by: andrew_b Owned by: andrew_b
Priority: major Milestone: 4.8.32
Component: mc-vfs Version: master
Keywords: Cc:
Blocked By: Blocking:
Branch state: merged Votes for changeset: committed-master

Description

Original bug report: https://bugzilla.altlinux.org/50857

The simplest archive that bug is reproduced with is attached.

How to reproduce:

  1. Enter to the test.tar.
  2. Copy the top test directory with F5.

Attachments

test.tar (10.0 KB) - added by andrew_b 2 months ago.
longdir-test.tar.l.zip (392 bytes) - added by zaytsev 7 weeks ago.

Change History

Changed 2 months ago by andrew_b

comment:1 Changed 2 months ago by andrew_b

  • Status changed from new to accepted
  • Owner set to andrew_b
  • Branch state changed from no branch to on review
  • Milestone changed from Future Releases to 4.8.32

Branch: 4561_tar_segfault
changeset:a9a1451fd488ab9ffb50f2d55f42f80dd7e70a8b

The cause of segfault is endless recursive call of do_compute_dir_size() because of incorrect handling of very long file/directory name. As a result the structure of opened tar archive may contain a directory with an empty name.

comment:2 Changed 8 weeks ago by andrew_b

  • Summary changed from tar: segault on copy fiiles from archive to tar: segfault on copy fiiles from archive

comment:3 Changed 8 weeks ago by andrew_b

TODO before merge: fix commit message: s/segault/segfault

comment:4 Changed 8 weeks ago by andrew_b

  • Votes for changeset set to andrew_b
  • Branch state changed from on review to approved

comment:5 Changed 8 weeks ago by andrew_b

  • Status changed from accepted to testing
  • Votes for changeset changed from andrew_b to committed-master
  • Resolution set to fixed
  • Branch state changed from approved to merged

Merged to master: [9f4e88fd7022e9946004026df4725903434d23ac].

comment:6 Changed 8 weeks ago by andrew_b

  • Status changed from testing to closed

Typos was not fixed :-((

comment:7 Changed 8 weeks ago by andrew_b

  • Priority changed from trivial to major

comment:8 Changed 8 weeks ago by cieply

Can confirm it doesn't crash any more. There is a caveat though. Path length is 253 bytes and file name 248 bytes which is below 255 max file length for ext3/4 and 4096 max path but it still says: 

Cannot create target directory "/tmp/test/~xxxxxxxxxxxxxx" 
                    File name too long (36)

It's not too long actually.

Archive listing

Also, for sake of simplicity, the tar file used as example should be compressed. It wouldn't change the outcome but would decrease attachment 40 times.

Last edited 7 weeks ago by zaytsev (previous) (diff)

Changed 7 weeks ago by zaytsev

Note: See TracTickets for help on using tickets.