[BusyBox 0000585]: gzip enters infinite busy loop when decompressing a corrupted file
bugs at busybox.net
bugs at busybox.net
Tue Dec 27 11:03:39 UTC 2005
A NOTE has been added to this issue.
======================================================================
http://busybox.net/bugs/view.php?id=585
======================================================================
Reported By: schweikhardt
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 585
Category: Other
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
======================================================================
Date Submitted: 12-07-2005 07:13 PST
Last Modified: 12-27-2005 03:03 PST
======================================================================
Summary: gzip enters infinite busy loop when decompressing a
corrupted file
Description:
gzip can enter a busy loop when fed a truncated file. To reproduce:
# gzip -? # To print version info
gzip: invalid option -- ?
BusyBox v1.00-rc3 (2004.10.07-07:15+0000) multi-call binary
Usage: gzip [OPTION]... [FILE]...
Compress FILE(s) with maximum compression.
When FILE is '-' or unspecified, reads standard input. Implies -c.
Options:
-c Write output to standard output instead of FILE.gz
-d decompress
# strace gzip -cd tst.tgz > /dev/null
execve("/bin/gzip", ["gzip", "-cd", "tst.tgz"], [/* 21 vars */]) = 0
fcntl64(0, F_GETFD) = 0
fcntl64(1, F_GETFD) = 0
fcntl64(2, F_GETFD) = 0
geteuid() = 0
getuid() = 0
getegid() = 0
getgid() = 0
brk(0) = 0x101b7278
brk(0x101b8278) = 0x101b8278
brk(0x101b9000) = 0x101b9000
stat("/etc/busybox.conf", {st_mode=S_IFREG|0444, st_size=266, ...}) = 0
open("/etc/busybox.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=266, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x30000000
read(3, "[SUID]\nsu\t= ssx 0.0 # run with e"..., 4096) = 266
read(3, "", 4096) = 0
close(3) = 0
munmap(0x30000000, 4096) = 0
getuid() = 0
getgid() = 0
setgid(0) = 0
setuid(0) = 0
open("tst.tgz", O_RDONLY) = 3
stat("tst.tgz", {st_mode=S_IFREG|0600, st_size=65657, ...}) = 0
ioctl(3, TCGETS or TCGETS, 0x7ffff6b0) = -1 ENOTTY (Inappropriate ioctl
for device)
read(3, "\37", 1) = 1
read(3, "\213", 1) = 1
read(3, "\10\10G\6rC\2\3", 8) = 8
read(3, "p", 1) = 1
read(3, "k", 1) = 1
read(3, "g", 1) = 1
read(3, ".", 1) = 1
read(3, "t", 1) = 1
read(3, "a", 1) = 1
read(3, "r", 1) = 1
read(3, "\0", 1) = 1
brk(0x101c0000) = 0x101c0000
brk(0x101c8000) = 0x101c8000
read(3, "\354\231wTT\327\332\207\31E\21\260\321\4\373X\242\6\25"...,
32760) = 32760
brk(0x101c9000) = 0x101c9000
brk(0x101ca000) = 0x101ca000
write(1, "var/db/pkg/05HAN000174AAR0005-ro"..., 32768) = 32768
read(3, "\210\25\325\320\356\237\3551\4\376~\371\275\'\363d\34\'"...,
32760) = 32760
write(1, "\276e\5=\23C F\367\364\317\1\363\347?\4\37\362C\234i\276"...,
32768) = 32768
read(3, "\36\356\236L=\240\301\371\216DG\200%sw\30\211j\216<\222"...,
32760) = 119
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
[etc ad nauseam; I interrupted this after gzip had accumulated 80 cpu
minutes]
It appears that at one point a "short read" indicating EOF is ignored.
======================================================================
----------------------------------------------------------------------
robang74 - 12-27-05 03:03
----------------------------------------------------------------------
Has been closed in blackbox version 1.01
busybox-1.01]$ cat busybox | gzip -c >test.gz
busybox-1.01]$ dd if=test.gz of=test.gz0 bs=1k count=10
entrati 10+0 record
usciti 10+0 record
busybox-1.01]$ ./busybox gzip -cd test.gz0 >/dev/null
gzip: unexpected end of file
Issue History
Date Modified Username Field Change
======================================================================
12-07-05 07:13 schweikhardt New Issue
12-07-05 07:13 schweikhardt Status new => assigned
12-07-05 07:13 schweikhardt Assigned To => BusyBox
12-07-05 07:13 schweikhardt File Added: tst.tgz
12-27-05 03:03 robang74 Note Added: 0000820
======================================================================
More information about the busybox-cvs
mailing list