I can reproduce this issue with attached deb file.

I add testuser (uid=2097152(010000000)) and create this deb file using
dpkg-deb as testuser. When I put it to current directory and run
"apt-ftparchive packages .", it makes the same error. Next, I create
another deb file as my account(uid=1002) and run apt-ftparchive. no
error. All of process is performed in one client.

It seems that the numeric fields of tar header have the possibility to
store 256bit encoding value.

I also attach patch for apt 0.8.10.

Attachment: test-package_1.0.deb
Description: application/debian-package

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: nobuhiro.haya...@gmail.com-20101203030909-\
#   5jszx42h2mgb4tkn
# target_branch: nosmart+http://bzr.debian.org/apt/apt/debian-sid/
# testament_sha1: 213067bba94c2969f10b788e9a028a913319b871
# timestamp: 2010-12-03 12:18:32 +0900
# base_revision_id: m...@debian.org-20101130102328-t3e3ey1zmajl0ef6
# 
# Begin patch
=== modified file 'apt-inst/contrib/extracttar.cc'
--- apt-inst/contrib/extracttar.cc	2010-06-09 09:51:21 +0000
+++ apt-inst/contrib/extracttar.cc	2010-12-03 03:09:09 +0000
@@ -195,10 +195,14 @@
       // Decode all of the fields
       pkgDirStream::Item Itm;
       if (StrToNum(Tar->Mode,Itm.Mode,sizeof(Tar->Mode),8) == false ||
-	  StrToNum(Tar->UserID,Itm.UID,sizeof(Tar->UserID),8) == false ||
-	  StrToNum(Tar->GroupID,Itm.GID,sizeof(Tar->GroupID),8) == false ||
-	  StrToNum(Tar->Size,Itm.Size,sizeof(Tar->Size),8) == false ||
-	  StrToNum(Tar->MTime,Itm.MTime,sizeof(Tar->MTime),8) == false ||
+          (Base256ToNum(Tar->UserID,Itm.UID,8) == false &&
+	     StrToNum(Tar->UserID,Itm.UID,sizeof(Tar->UserID),8) == false) ||
+          (Base256ToNum(Tar->GroupID,Itm.GID,8) == false &&
+	     StrToNum(Tar->GroupID,Itm.GID,sizeof(Tar->GroupID),8) == false) ||
+          (Base256ToNum(Tar->Size,Itm.Size,12) == false &&
+	     StrToNum(Tar->Size,Itm.Size,sizeof(Tar->Size),8) == false) ||
+          (Base256ToNum(Tar->MTime,Itm.MTime,12) == false &&
+	     StrToNum(Tar->MTime,Itm.MTime,sizeof(Tar->MTime),8) == false) ||
 	  StrToNum(Tar->Major,Itm.Major,sizeof(Tar->Major),8) == false ||
 	  StrToNum(Tar->Minor,Itm.Minor,sizeof(Tar->Minor),8) == false)
 	 return _error->Error(_("Corrupted archive"));

=== modified file 'apt-pkg/contrib/strutl.cc'
--- apt-pkg/contrib/strutl.cc	2010-09-28 15:27:44 +0000
+++ apt-pkg/contrib/strutl.cc	2010-12-03 03:09:09 +0000
@@ -968,6 +968,24 @@
    return true;
 }
 									/*}}}*/
+// Base256ToNum - Convert a fixed length binary to a number             /*{{{*/
+// ---------------------------------------------------------------------
+/* This is used in decoding the 256bit encoded fixed length fields in
+   tar files */
+bool Base256ToNum(const char *Str,unsigned long &Res,unsigned Len)
+{
+   int i;
+   if ((Str[0] & 0x80) == 0)
+      return false;
+   else
+   {
+      Res = Str[0] & 0x7F;
+      for(i=1; i<Len; i++)
+         Res = (Res<<8) + Str[i];
+      return true;
+   }
+}
+									/*}}}*/
 // HexDigit - Convert a hex character into an integer			/*{{{*/
 // ---------------------------------------------------------------------
 /* Helper for Hex2Num */

=== modified file 'apt-pkg/contrib/strutl.h'
--- apt-pkg/contrib/strutl.h	2010-06-09 11:15:34 +0000
+++ apt-pkg/contrib/strutl.h	2010-12-03 03:09:09 +0000
@@ -52,6 +52,7 @@
 int StringToBool(const string &Text,int Default = -1);
 bool ReadMessages(int Fd, vector<string> &List);
 bool StrToNum(const char *Str,unsigned long &Res,unsigned Len,unsigned Base = 0);
+bool Base256ToNum(const char *Str,unsigned long &Res,unsigned Len);
 bool Hex2Num(const string &Str,unsigned char *Num,unsigned int Length);
 bool TokSplitString(char Tok,char *Input,char **List,
 		    unsigned long ListMax);

# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWRtLgngAA4dfgHMwUX///3/n
Xgq////+YAbvvLtugAFaXYaAAADFKanmqZpDExoBNqZBgEGCMgyZGhieoNKnojE9TTQaaeoNABoA
AGgAAABwDCMJpiGAQDIAYRpkyYRgIaCU1E1IyPTU9TaBB6mmEBpkGgGgNNBoAHAMIwmmIYBAMgBh
GmTJhGAhoJJBGgATQCGgjDU0U/0hTGJA/STRkD8qZQ0APIhFpDIpAEFCkoYlXVDXrFMtiegS4zDG
Dj3pG76puFi6m6hlm2Ps7L3QpnnSUpxnSxljog6rTqEI1hQwZkM8bGVQ8TyycFT3pEftW2wytWZJ
CQlRntkbfFCOxE9J4rGnCeIiKEQ8JTSYJMxhvbRLgwSwXqiY1ncpAQ1TZrb+tn7bvSPGxrdMil8o
QCT1TNCiAuhiTnC4MGCxn6qiAHlRtlyE22UZoGI6a5djvkjoIgZVCRACgAwBcZswzjEC5bMBISEg
1IqVq9Gnq+JidjGlD2+7lSnjU98iR0Aw4GTDcC0nO4vXYmEbhEQLlG0uiXMLtZ11MZenqOyQALbU
TuCJNskPlguGAXr/4OMw+kvHang9fFYzJJnCwfpc7R49SDWtZrHoCCgAOEOEeBJA/3nsLCA8kInE
OHvYYoFSFP7lKDr2KRXak5o1j0g99bl4FX5/UgIuiHk6XLRTs+1arhqHlBE+QTLCaa80mx9hegnh
2bTMuIw8rQrKwcZFo0jnVE1Nxagh3ADxDnoHXj9hrXxeXYm/WBCgIGvInWDiIE48gXF4jvEfODyO
clcCKi82m+tRKJp2ZWjF+Q4kxeYF6crSu+utz3NwlGMxGgHFwO9BDFrSplwJFBtJprAxQX2fUoKM
REr8KM4NSQNBUKDPMKjodkOxpe95bJMBWWWU10jgqJjcIhqeMMRrtMiszGMDCJSs0XjkpDVjFpdB
rHDhxfhaRLSdpSIEIlpkdb4JFqNUxSS3a8pXt2dYpKnIdoOdjSazAvImhxoM9ciNRhQZ4UmI4167
zApKp9Vl1+IiisckRGhTIkQmJXj78IwLrmd6Tmo+Di5MlWKhk5WQvtHCiiMAcoLuH3zP9KqyYQTa
NJVpbahcJ8kJ3WkAN8kPvhjCu1iy1MOGFXQg2/BeF7nzvJN2iewvio8UHkqp2ESGdMwUagkmQqfS
CMi8xiFrhLLQrWMv04ePfhAic1yCVDDOQac0iHz+/9DKdBGTDfkfcK5mYE3+UcTFmZmZicknrib+
AuInoPYLj/A2oIqZfNBdYMhopISiBrpcEmZ16huQGmHgchIYTEUy+EheCBjDgTHz8YKhqUyFwscK
BgRQoCuERaCAbddIHrtDZFClOgpIFnoCdvF4rIRJBTzb/sk4Fgof6sSI7jUZHWeYjgZEBjpzNdu4
3hHhGv5HLeg5AvMggfWVdwz0H7oMjib6Ow3PEE6wOzN8TRQkibxJu8ig/q2zJl9MipEENWIuKA1H
Ue7NX6y8LoOoSumYtvau54T76SEJQbYiAkK5VaK1TnkcZ8emtWB0m2zucr1AWBgiga2vxIELT38G
Tjea/9piwmXimSyD0Qbqh+VwZ/+o1hV6IuUysBUJd3MoR286OcfedpFhjkSOBpQSNhpN50BWEx8F
7U4XP+LlX+kFpWgRwA9gKoPyS1E5sPdhrEMkHABgekQLrYgu0F8qJdugUqNbjxikfrntBkHcgapA
2odd9EG8sOVnl1hOG8FOI0IkThbQLKiGPRB9QjJCdd3CMKmtOKJJd2C8hFWw0U7mxjpFmI5xuFQm
SGTu09VchxFBmNN0M8g5B1JYujSkwhkKkBl8AXvXQo1InB39uaB7BGZPuqogHuY6SRFp2Z6MCcIv
Xyg8IIGQsgnuhEeKN4OcM8negbH8cC1DKhBiE5RQJmSeVj1Dou0MkcF2JHr1pHSo01hOUkQFUL6o
GDPIpQRPXqK0X3i4py+L1ZFb9CwQYhp5+ZEweVAVUTzjaadiJ7BwJ7MJwDxXiLooPRB2OEcirjir
GT6VXOgaT0602grY3h5qZTsRTpMPXfIcQYiMN2kN6CIDVea1osCILs5wkIgvMKkVkRpC7BvARTz0
3DS+1i7ksEpDiK+gpay57OFPMOM6xxwEZn3AfSKpckFboQHEmR7cHGZAuP4m3CHWC6/BIoNwQNCt
qLqBpwsEe1dpy/bbxEfgdIu1aikCy1hyc7lQhRQv5LrnxEY+H/T9PUIBBvQh/8XckU4UJAbS4J4A

Reply via email to