Anonymous | Login | Signup for a new account | 11-10-2008 10:54 PST |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0000585 | [BusyBox] Other | major | always | 12-07-05 07:13 | 01-09-06 21:58 | ||||
Reporter | schweikhardt | View Status | public | ||||||
Assigned To | BusyBox | ||||||||
Priority | normal | Resolution | fixed | ||||||
Status | closed | Product Version | 1.00 | ||||||
Summary | 0000585: gzip enters infinite busy loop when decompressing a corrupted file | ||||||||
Description |
gzip can enter a busy loop when fed a truncated file. To reproduce: # gzip -? # To print version info gzip: invalid option -- ? BusyBox v1.00-rc3 (2004.10.07-07:15+0000) multi-call binary Usage: gzip [OPTION]... [FILE]... Compress FILE(s) with maximum compression. When FILE is '-' or unspecified, reads standard input. Implies -c. Options: -c Write output to standard output instead of FILE.gz -d decompress # strace gzip -cd tst.tgz > /dev/null execve("/bin/gzip", ["gzip", "-cd", "tst.tgz"], [/* 21 vars */]) = 0 fcntl64(0, F_GETFD) = 0 fcntl64(1, F_GETFD) = 0 fcntl64(2, F_GETFD) = 0 geteuid() = 0 getuid() = 0 getegid() = 0 getgid() = 0 brk(0) = 0x101b7278 brk(0x101b8278) = 0x101b8278 brk(0x101b9000) = 0x101b9000 stat("/etc/busybox.conf", {st_mode=S_IFREG|0444, st_size=266, ...}) = 0 open("/etc/busybox.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0444, st_size=266, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30000000 read(3, "[SUID]\nsu\t= ssx 0.0 # run with e"..., 4096) = 266 read(3, "", 4096) = 0 close(3) = 0 munmap(0x30000000, 4096) = 0 getuid() = 0 getgid() = 0 setgid(0) = 0 setuid(0) = 0 open("tst.tgz", O_RDONLY) = 3 stat("tst.tgz", {st_mode=S_IFREG|0600, st_size=65657, ...}) = 0 ioctl(3, TCGETS or TCGETS, 0x7ffff6b0) = -1 ENOTTY (Inappropriate ioctl for device) read(3, "\37", 1) = 1 read(3, "\213", 1) = 1 read(3, "\10\10G\6rC\2\3", 8) = 8 read(3, "p", 1) = 1 read(3, "k", 1) = 1 read(3, "g", 1) = 1 read(3, ".", 1) = 1 read(3, "t", 1) = 1 read(3, "a", 1) = 1 read(3, "r", 1) = 1 read(3, "\0", 1) = 1 brk(0x101c0000) = 0x101c0000 brk(0x101c8000) = 0x101c8000 read(3, "\354\231wTT\327\332\207\31E\21\260\321\4\373X\242\6\25"..., 32760) = 32760 brk(0x101c9000) = 0x101c9000 brk(0x101ca000) = 0x101ca000 write(1, "var/db/pkg/05HAN000174AAR0005-ro"..., 32768) = 32768 read(3, "\210\25\325\320\356\237\3551\4\376~\371\275\'\363d\34\'"..., 32760) = 32760 write(1, "\276e\5=\23C F\367\364\317\1\363\347?\4\37\362C\234i\276"..., 32768) = 32768 read(3, "\36\356\236L=\240\301\371\216DG\200%sw\30\211j\216<\222"..., 32760) = 119 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 read(3, "", 32760) = 0 [etc ad nauseam; I interrupted this after gzip had accumulated 80 cpu minutes] It appears that at one point a "short read" indicating EOF is ignored. |
||||||||
Additional Information | The attachment is the tst.tgz I used. | ||||||||
Attached Files | tst.tgz [^] (65,657 bytes) 12-07-05 07:13 | ||||||||
|
Copyright © 2000 - 2006 Mantis Group |