Ticket #4561 (closed defect: fixed)

Opened 5 months ago

Last modified 5 months ago

tar: segfault on copy fiiles from archive

Reported by: andrew_b Owned by: andrew_b
Priority: major Milestone: 4.8.32
Component: mc-vfs Version: master
Keywords: Cc:
Blocked By: Blocking:
Branch state: merged Votes for changeset: committed-master

Description

Original bug report: https://bugzilla.altlinux.org/50857

The simplest archive that bug is reproduced with is attached.

How to reproduce:

  1. Enter to the test.tar.
  2. Copy the top test directory with F5.

Attachments

test.tar (10.0 KB) - added by andrew_b 5 months ago.
longdir-test.tar.l.zip (392 bytes) - added by zaytsev 5 months ago.

Change History

Changed 5 months ago by andrew_b

comment:1 Changed 5 months ago by andrew_b

  • Status changed from new to accepted
  • Owner set to andrew_b
  • Branch state changed from no branch to on review
  • Milestone changed from Future Releases to 4.8.32

Branch: 4561_tar_segfault
changeset:a9a1451fd488ab9ffb50f2d55f42f80dd7e70a8b

The cause of segfault is endless recursive call of do_compute_dir_size() because of incorrect handling of very long file/directory name. As a result the structure of opened tar archive may contain a directory with an empty name.

comment:2 Changed 5 months ago by andrew_b

  • Summary changed from tar: segault on copy fiiles from archive to tar: segfault on copy fiiles from archive

comment:3 Changed 5 months ago by andrew_b

TODO before merge: fix commit message: s/segault/segfault

comment:4 Changed 5 months ago by andrew_b

  • Votes for changeset set to andrew_b
  • Branch state changed from on review to approved

comment:5 Changed 5 months ago by andrew_b

  • Status changed from accepted to testing
  • Votes for changeset changed from andrew_b to committed-master
  • Resolution set to fixed
  • Branch state changed from approved to merged

Merged to master: [9f4e88fd7022e9946004026df4725903434d23ac].

comment:6 Changed 5 months ago by andrew_b

  • Status changed from testing to closed

Typos was not fixed :-((

comment:7 Changed 5 months ago by andrew_b

  • Priority changed from trivial to major

comment:8 Changed 5 months ago by cieply

Can confirm it doesn't crash any more. There is a caveat though. Path length is 253 bytes and file name 248 bytes which is below 255 max file length for ext3/4 and 4096 max path but it still says: `Cannot create target directory "/root/tmp/test/~xxxxxxxxxxxxxx"

File name too long (36)

`
It's not too long actually.

--
Also, for sake of simplicity, the tar file used as example should be compressed. It wouldn't change the outcome but would decrease attachment 40 times.

Version 1, edited 5 months ago by cieply (previous) (next) (diff)

Changed 5 months ago by zaytsev

Note: See TracTickets for help on using tickets.