Package: dpkg Version: 1.10.9 Kernel: Linux debian 2.4.21-rc1-ac2 #3 Tue Apr 29 20:06:05 CEST 2003 i686 unknown unknown GNU/Linux libc: 2.3.1-16
Affected: dpkg-1.10.9 and earlier Dear dpkg maintainer! As several people before reported before, 'md5sum' fails with a non-intuitive message "success" when called on files larger than 2GB. Example: wagner /aux/v>ls -al aux.tar -rw-r--r-- 1 wagner users 3928698880 May 12 01:26 aux.tar wagner /aux/v>md5sum aux.tar aux.tar: Success however: wagner /aux/v>cat aux.tar | md5sum ecd7d51416837f891a344ccb61e39dc3 - A look into the code of md5sum.c revealed that for reads from stdin the function 'fd_md5' is called without result checking, while for file arguments it is called with result checking. The result type of 'fd_md5' is 'ssize_t', which on some platforms (e.g. i386) is a 32 bit signed int. It seems that the result of 'fd_md5' is the number of bytes processed. When this number overflows, 'fd_md5' may return a negative result. The error handling code then incorrectly detects an error and calls 'perror' which outputs 'Success', since no error actually happened. Fix: Explicitely check 'errno' when 'fd_md5' returns a negative result. This should allways work, regardless of platform or size of 'ssize_t'. Diff: diff dpkg-1.10.9/utils/md5sum.c dpkg-1.10.9-patched/utils/md5sum.c 23a24 > #include <errno.h> 198a200,205 > /* Since on some systems 'ssize_t' is only 32 bit, > * 'fd_md5' may return < 0 on files > 2GB. > * Do additional checking to be sure errors are > * actually errors and not numeric overflows. > */ > errno = 0; 200c207 < if ( ret >= 0 ) --- > if ( ret >= 0 || errno == 0 ) Regards, Arno Wagner -- Arno Wagner, Communication Systems Group, ETH Zuerich, [EMAIL PROTECTED] GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
