Package: zlib1g
Version: 1:1.2.3.3.dfsg-12
Severity: normal

gzrecover (from gzrt) crashes with a SIGSEGV in inflate from zlib when
trying to recover the attached flasm_1.61-1.diff.gz (corrupted with 1
bit - byte 0xB41 should be 0x02 not 0x12). It crashes halfway through
the output of the recovered file. gzrecover also crashes in inflate with
the non-corrupted version (also attached). Backtraces for both below...

The backtrace for the non-corrupted version:

(gdb) bt
#0  0x00007fb864c339cc in inflate (strm=0x7fff6d05a0f0, flush=0) at 
inflate.c:782
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff6d05a288) at gzrecover.c:253
(gdb) bt full
#0  0x00007fb864c339cc in inflate (strm=0x7fff6d05a0f0, flush=0) at 
inflate.c:782
        next = (unsigned char *) 0x7fb764f40e3f <Address 0x7fb764f40e3f out of 
bounds>
        put = (
    unsigned char *) 0xd95050 "m\017\017w#�]rm-1.61.orig/debian/dirs\n+++ 
flasm-1.61/debian/dirs\n@@ -0,0 +1,2 @@\n+etc\n+usr/bin\n--- 
flasm-1.61.orig/debian/docs\n+++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        have = 4294959036
        left = 65536
        hold = 0
        bits = 0
        in = <value optimized out>
        out = 65536
        copy = 4200016
        from = (unsigned char *) 0x7fff6d05a080 "��\005m�\177"
        len = 14307540
        ret = 0
        hbuf = "��\005m"
        order = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 
15}
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff6d05a288) at gzrecover.c:253
        opt = -1
        rc = 1
        ifd = 5
        ofd = 6
        founderr = 0
        foundgood = 1
        bytes_read = 3561
        errpos = 1048575
        errinc = 0
        infile = 0x7fff6d05b55a "flasm_1.61-1.diff"
        inbuf = (unsigned char *) 0x7fb864f3e010 "\037\213\b"
        outbuf = (
    unsigned char *) 0xd95050 "m\017\017w#�]rm-1.61.orig/debian/dirs\n+++ 
flasm-1.61/debian/dirs\n@@ -0,0 +1,2 @@\n+etc\n+usr/bin\n--- 
flasm-1.61.orig/debian/docs\n+++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        d_stream = {next_in = 0x7fb764f40e3f <Address 0x7fb764f40e3f out of 
bounds>, avail_in = 4294959036, total_in = 0, 
  next_out = 0xd95050 "m\017\017w#�]rm-1.61.orig/debian/dirs\n+++ 
flasm-1.61/debian/dirs\n@@ -0,0 +1,2 @@\n+etc\n+usr/bin\n--- 
flasm-1.61.orig/debian/docs\n+++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"..., avail_out = 65536, total_out = 
0, msg = 0x0, state = 0xda5060, zalloc = 0x7fb864c329d0 <zcalloc>, 
  zfree = 0x7fb864c329c0 <zcfree>, opaque = 0x0, data_type = 0, adler = 1, 
reserved = 0}

The backtrace for the corrupted version:

(gdb) bt
#0  0x00007ff5fa8df9cc in inflate (strm=0x7fff02d04d90, flush=0) at 
inflate.c:782
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff02d04f28) at gzrecover.c:253
(gdb) bt full
#0  0x00007ff5fa8df9cc in inflate (strm=0x7fff02d04d90, flush=0) at 
inflate.c:782
        next = (unsigned char *) 0x7ff4fabec481 <Address 0x7ff4fabec481 out of 
bounds>
        put = (unsigned char *) 0x1000050 "�", '�' <repeats 116 times>, 
"\210\201/\177�++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        have = 4294961530
        left = 65536
        hold = 0
        bits = 0
        in = <value optimized out>
        out = 65536
        copy = 4200016
        from = (unsigned char *) 0x7fff02d04d20 "`M�\002�\177"
        len = 16842964
        ret = 0
        hbuf = "`M�\002"
        order = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 
15}
#1  0x00000000004012f7 in main (argc=2, argv=0x7fff02d04f28) at gzrecover.c:253
        opt = -1
        rc = 1
        ifd = 5
        ofd = 6
        founderr = 0
        foundgood = 1
        bytes_read = 3561
        errpos = 1048575
        errinc = 0
        infile = 0x7fff02d06556 "flasm_1.61-1.diff"
        inbuf = (unsigned char *) 0x7ff5fabea010 "\037\213\b"
        outbuf = (unsigned char *) 0x1000050 "�", '�' <repeats 116 times>, 
"\210\201/\177�++ flasm-1.61/debian/docs\n@@ -0,0 +1,3 
@@\n+flasm.html\n+classic.css\n+logo.gif \n"...
        d_stream = {next_in = 0x7ff4fabec481 <Address 0x7ff4fabec481 out of 
bounds>, avail_in = 4294961530, total_in = 0, 
  next_out = 0x1000050 "�", '�' <repeats 116 times>, "\210\201/\177�++ 
flasm-1.61/debian/docs\n@@ -0,0 +1,3 @@\n+flasm.html\n+classic.css\n+logo.gif 
\n"..., avail_out = 65536, 
  total_out = 0, msg = 0x0, state = 0x1010060, zalloc = 0x7ff5fa8de9d0 
<zcalloc>, zfree = 0x7ff5fa8de9c0 <zcfree>, opaque = 0x0, data_type = 0, adler 
= 1, reserved = 0}


-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages zlib1g depends on:
ii  libc6                         2.7-16     GNU C Library: Shared libraries

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Attachment: flasm_1.61-1.diff.gz
Description: corrupted

Attachment: flasm_1.61-1.diff.gz
Description: non-corrupted

Attachment: signature.asc
Description: This is a digitally signed message part
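Both backtraces above show inflate() entered with next_in flagged by gdb as "out of bounds" and avail_in set to 4294959036 (0xFFFFDFBC, i.e. -8260 as a 32-bit signed value) or 4294961530 (0xFFFFE97A, i.e. -5766): values a caller gets when a remaining-byte count that has gone negative is stored into zlib's unsigned avail_in. inflate() trusts those two fields, so zlib is the place that faults even though the defect is in how the caller fills in the stream. The following C code is an added illustration of that failure mode and of the bounds check a recovery loop should apply before handing a window to inflate(); it is not code from gzrt or zlib, it deliberately does not link zlib, and struct input_window, input_in_bounds and remaining_input are constructed names that model only the next_in/avail_in pair by offset from the start of the input buffer.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the two z_stream input fields that matter in the
 * report: zlib declares them as `Bytef *next_in; uInt avail_in;` with uInt
 * being unsigned int.  next_in is represented as an offset into inbuf so
 * that an out-of-range value can be checked without doing pointer
 * arithmetic past the buffer (which is undefined behaviour in C). */
struct input_window {
    size_t next_in_off;     /* offset of next_in from the start of inbuf */
    unsigned int avail_in;  /* number of bytes inflate() is told it may read */
};

/* How the huge avail_in values in the backtraces arise: a signed count of
 * remaining bytes that has dropped below zero is converted to unsigned and
 * wraps modulo 2^32.  Assumed to mirror the caller's bug, not taken from gzrt. */
unsigned int naive_remaining(long bytes_read, long pos)
{
    return (unsigned int)(bytes_read - pos);
}

/* Safe replacement: never negative, never larger than what is actually left,
 * and clamped to what uInt can hold on platforms where size_t is wider. */
unsigned int remaining_input(size_t inbuf_len, size_t pos)
{
    if (pos >= inbuf_len)
        return 0;
    size_t rem = inbuf_len - pos;
    return rem > UINT_MAX ? UINT_MAX : (unsigned int)rem;
}

/* Return 1 when the window [next_in, next_in + avail_in) lies entirely inside
 * inbuf[0 .. inbuf_len), 0 otherwise.  The comparison is arranged so that it
 * cannot overflow: avail_in is compared against the bytes after next_in. */
int input_in_bounds(size_t inbuf_len, const struct input_window *w)
{
    if (w->next_in_off > inbuf_len)
        return 0;
    return w->avail_in <= inbuf_len - w->next_in_off;
}

int main(void)
{
    /* Constructed buffer size matching bytes_read = 3561 from the report. */
    const size_t inbuf_len = 3561;

    printf("wrapped count for -8260: %u\n", naive_remaining(0, 8260));
    printf("wrapped count for -5766: %u\n", naive_remaining(0, 5766));

    struct input_window bad = { 100, naive_remaining(0, 8260) };
    struct input_window good = { 100, remaining_input(inbuf_len, 100) };
    printf("bad window in bounds:  %d\n", input_in_bounds(inbuf_len, &bad));
    printf("good window in bounds: %d\n", input_in_bounds(inbuf_len, &good));
    return 0;
}
```

A caller that recomputes avail_in with remaining_input() and refuses to call inflate() when input_in_bounds() returns 0 turns the segfault inside zlib into a clean error at the point where the stream position actually went wrong, which is also where a debugger breakpoint is useful.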
