BusyBox Bug and Patch Tracking

Viewing Issue Simple Details
ID: 0000585
Category: [BusyBox] Other
Severity: major
Reproducibility: always
Date Submitted: 12-07-05 07:13
Last Update: 01-09-06 21:58
Reporter: schweikhardt
View Status: public
Assigned To: BusyBox
Priority: normal
Resolution: fixed
Status: closed
Product Version: 1.00
Summary: 0000585: gzip enters infinite busy loop when decompressing a corrupted file

Description:
gzip can enter a busy loop when fed a truncated file. To reproduce:

# gzip -? # To print version info
gzip: invalid option -- ?
BusyBox v1.00-rc3 (2004.10.07-07:15+0000) multi-call binary

Usage: gzip [OPTION]... [FILE]...

Compress FILE(s) with maximum compression.
When FILE is '-' or unspecified, reads standard input. Implies -c.

Options:
 -c Write output to standard output instead of FILE.gz
 -d decompress

# strace gzip -cd tst.tgz > /dev/null
execve("/bin/gzip", ["gzip", "-cd", "tst.tgz"], [/* 21 vars */]) = 0
fcntl64(0, F_GETFD) = 0
fcntl64(1, F_GETFD) = 0
fcntl64(2, F_GETFD) = 0
geteuid() = 0
getuid() = 0
getegid() = 0
getgid() = 0
brk(0) = 0x101b7278
brk(0x101b8278) = 0x101b8278
brk(0x101b9000) = 0x101b9000
stat("/etc/busybox.conf", {st_mode=S_IFREG|0444, st_size=266, ...}) = 0
open("/etc/busybox.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=266, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30000000
read(3, "[SUID]\nsu\t= ssx 0.0 # run with e"..., 4096) = 266
read(3, "", 4096) = 0
close(3) = 0
munmap(0x30000000, 4096) = 0
getuid() = 0
getgid() = 0
setgid(0) = 0
setuid(0) = 0
open("tst.tgz", O_RDONLY) = 3
stat("tst.tgz", {st_mode=S_IFREG|0600, st_size=65657, ...}) = 0
ioctl(3, TCGETS or TCGETS, 0x7ffff6b0) = -1 ENOTTY (Inappropriate ioctl for device)
read(3, "\37", 1) = 1
read(3, "\213", 1) = 1
read(3, "\10\10G\6rC\2\3", 8) = 8
read(3, "p", 1) = 1
read(3, "k", 1) = 1
read(3, "g", 1) = 1
read(3, ".", 1) = 1
read(3, "t", 1) = 1
read(3, "a", 1) = 1
read(3, "r", 1) = 1
read(3, "\0", 1) = 1
brk(0x101c0000) = 0x101c0000
brk(0x101c8000) = 0x101c8000
read(3, "\354\231wTT\327\332\207\31E\21\260\321\4\373X\242\6\25"..., 32760) = 32760
brk(0x101c9000) = 0x101c9000
brk(0x101ca000) = 0x101ca000
write(1, "var/db/pkg/05HAN000174AAR0005-ro"..., 32768) = 32768
read(3, "\210\25\325\320\356\237\3551\4\376~\371\275\'\363d\34\'"..., 32760) = 32760
write(1, "\276e\5=\23C F\367\364\317\1\363\347?\4\37\362C\234i\276"..., 32768) = 32768
read(3, "\36\356\236L=\240\301\371\216DG\200%sw\30\211j\216<\222"..., 32760) = 119
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
read(3, "", 32760) = 0
[etc ad nauseam; I interrupted this after gzip had accumulated 80 cpu minutes]

It appears that at one point a "short read" indicating EOF is ignored.
Additional Information: The attachment is the tst.tgz I used.
Attached Files: tst.tgz (65,657 bytes) 12-07-05 07:13
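
The failure the report describes, a fill loop that ignores the zero-length read() marking EOF, next to a loop that stops on it; this is an added C example, not BusyBox's code and not part of the original report. The function names, return codes, the max_calls cap and the pipe-based input are assumptions made for the demonstration.

```c
#include <errno.h>
#include <unistd.h>

/* Flawed pattern: read() == 0 (EOF) is treated like "no data yet", so the
 * loop retries. max_calls is an artificial cap so this demo terminates;
 * without it the loop never exits. Returns the number of read() calls. */
static int fill_ignoring_eof(int fd, unsigned char *buf, size_t need, int max_calls)
{
    size_t have = 0;
    int calls = 0;
    while (have < need && calls < max_calls) {
        ssize_t n = read(fd, buf + have, need - have);
        calls++;
        if (n > 0)
            have += (size_t)n;
    }
    return calls;
}

/* Hardened pattern: 0 = got all bytes, -1 = unexpected EOF, -2 = read error. */
static int fill_or_fail(int fd, unsigned char *buf, size_t need)
{
    size_t have = 0;
    while (have < need) {
        ssize_t n = read(fd, buf + have, need - have);
        if (n > 0)
            have += (size_t)n;
        else if (n == 0)
            return -1;              /* input ended early: stop, do not retry */
        else if (errno != EINTR)
            return -2;              /* real I/O error; EINTR just retries */
    }
    return 0;
}

/* Constructed input: a pipe holding len (<= 16) bytes with the write end
 * closed, standing in for a truncated file. Returns the read end, or -1. */
static int truncated_input(size_t len)
{
    static const unsigned char sample[16] = { 0x1f, 0x8b, 0x08 };
    int p[2];
    if (pipe(p) != 0)
        return -1;
    if (write(p[1], sample, len) != (ssize_t)len) { close(p[0]); p[0] = -1; }
    close(p[1]);
    return p[0];
}
```

With 3 bytes available and 8 requested, fill_or_fail returns -1 after two read() calls, while fill_ignoring_eof uses every call the cap allows.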

- Relationships

- Notes
(0000820)
robang74
12-27-05 03:03

Has been closed in blackbox version 1.01

busybox-1.01]$ cat busybox | gzip -c >test.gz
busybox-1.01]$ dd if=test.gz of=test.gz0 bs=1k count=10
entrati 10+0 record
usciti 10+0 record
busybox-1.01]$ ./busybox gzip -cd test.gz0 >/dev/null
gzip: unexpected end of file
 
(0000903)
landley
01-09-06 21:58

Fixed a while back.
 

- Issue History
Date Modified Username Field Change
12-07-05 07:13 schweikhardt New Issue
12-07-05 07:13 schweikhardt Status new => assigned
12-07-05 07:13 schweikhardt Assigned To  => BusyBox
12-07-05 07:13 schweikhardt File Added: tst.tgz
12-27-05 03:03 robang74 Note Added: 0000820
12-27-05 03:04 robang74 Issue Monitored: robang74
01-09-06 21:58 landley Status assigned => closed
01-09-06 21:58 landley Note Added: 0000903
01-09-06 21:58 landley Resolution open => fixed
01-09-06 21:58 landley Fixed in Version  => svn
03-05-06 17:23 leon6302 Issue Monitored: leon6302
03-05-06 17:26 leon6302 Issue End Monitor: leon6302

