Re: Unzip *ALL* verisons ;))

[Joachim Schipper <j.schipper () math uu nl>]

On Mon, Dec 19, 2005 at 12:06:07PM +0000, c0ntex wrote:
> Just to add to the pot, this little bug has been there a long time,
> mmm, around 2+ yrs. Any apps calling unzip? Any unzip archives with
> rather large files?
>
> ;)
>
> [c0ntex@linuxbox tmp]$ gdb -q unzip
> (no debugging symbols found)...Using host libthread_db library
> "/lib/tls/libthread_db.so.1".
> (gdb) r `perl -e 'print "A" x 5000'`
> Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
> Reading symbols from shared object read from target memory...(no
> debugging symbols found)...done.
> Loaded system supplied DSO at 0xffffe000
> (no debugging symbols found)...(no debugging symbols found)...unzip: 
> cannot find or open AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> [snip]
>
> AAAAAAAAAAAAAA.ZIP.
> *** glibc detected *** double free or corruption: 0x08075008 ***
>
> Program received signal SIGABRT, Aborted.
> 0xffffe410 in __kernel_vsyscall ()
> (gdb) bt
> #0  0xffffe410 in __kernel_vsyscall ()
> #1  0x002a2955 in raise () from /lib/tls/libc.so.6
> #2  0x002a4319 in abort () from /lib/tls/libc.so.6
> #3  0x002dba1b in malloc_printerr () from /lib/tls/libc.so.6
> #4  0x002dc4ba in free () from /lib/tls/libc.so.6
> #5  0x080543a6 in ?? ()
> #6  0x08075008 in ?? ()
> #7  0x00000005 in ?? ()
> #8  0x00000000 in ?? ()

I cannot reproduce this, either with "A" x 5000 or "A" x 20000. I tested
unzip-5.52 on Linux/i386-2.6 and OpenBSD/i386-3.8, and saw no error.

                Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/