Bug#962188: cpio: Wrong CRC with new ASCII format when file > 2GB

Thu, 04 Jun 2020 03:42:25 -0700 

Package: cpio
Version: 2.13+dfsg-2
Severity: normal

Dear Maintainer,

CRC is wrongly computed if filesize > 2GB and when new ASCII format is chosen 
due to wrong signedness.
The attached patch fixes this.

To check this, just create a file > 2GB and run CPIO with the options "cpio -ov 
-H crc"

Checksum for large files are set to 0 due to the bug. cpio itself does not 
check them when unpackiung
(a different bug ?), but programs relying on the format and on the CRC comply 
with error.

Bug is present in all cpio releases.

-- System Information:
Debian Release: bullseye/sid
  APT prefers focal-updates
  APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal'), 
(100, 'focal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-33-generic (SMP w/32 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cpio depends on:
ii  libc6  2.31-0ubuntu9

cpio recommends no packages.

Versions of packages cpio suggests:
pn  libarchive1  <none>

-- no debconf information

>From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001
From: Stefano Babic <sba...@denx.de>
Date: Fri, 28 Jul 2017 13:20:52 +0200
Subject: [PATCH] Wrong CRC with ASCII CRC for large files

Due to signedness, the checksum is not computed when filesize is bigger
a 2GB.

Signed-off-by: Stefano Babic <sba...@denx.de>
---
 src/copyout.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/copyout.c b/src/copyout.c
index 1f0987a..727aeca 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -34,13 +34,13 @@
    compute and return a checksum for them.  */
 
 static uint32_t
-read_for_checksum (int in_file_des, int file_size, char *file_name)
+read_for_checksum (int in_file_des, unsigned int file_size, char *file_name)
 {
   uint32_t crc;
   char buf[BUFSIZ];
-  int bytes_left;
-  int bytes_read;
-  int i;
+  unsigned int bytes_left;
+  unsigned int bytes_read;
+  unsigned int i;
 
   crc = 0;
 
-- 
2.7.4

Reply via email to