Re: [Bug-tar] [PATCH 0/2] tar: checksum collision

2015-01-01 Thread Alexander Kolesen
Hey guys,

Just a friendly reminder to take a look at the patches.
I've tried out the latest tar and it's still misinterpreting
this .tar.gz as .tar and couldn't extract.

Thanks!

> Alexander Kolesen wrote:
> 
> > Hey folks, any response on this?
> 
> No, not yet.  Allow me some time, please.
> 
> Regards,
> Sergey




Re: [Bug-tar] [PATCH 0/2] tar: checksum collision

2014-01-09 Thread Sergey Poznyakoff
Alexander Kolesen wrote:

> Hey folks, any response on this?

No, not yet.  Allow me some time, please.

Regards,
Sergey



Re: [Bug-tar] [PATCH 0/2] tar: checksum collision

2014-01-09 Thread Alexander Kolesen
Hey folks, any response on this?

> Hello,
> 
> I've bumped into strange tar behavior - it's unable to decompress a 
> previously compressed archive:
> 
>  % file test.tar.gz
> test.tar.gz: gzip compressed data, from Unix, last modified: Fri Dec 21 
> 13:00:50 2012
>  % tar -xf test.tar.gz -C out && echo "Success"
> tar: This does not look like a tar archive
> tar: Exiting with failure status due to previous errors
>  % tar -xf test.tar.gz && echo "Success"
> Success
> 
> Here's the content of the file. It contains nothing but an empty directory:
>  % cat test.tar.gz | base64
> H4sIAFIz1FAAA+3PMQqDQBCF4TnK3sAZddzjiAERCaywccn1NUUghWgjqf6vecW84s2cl/Re8nPM
> /WsdpjlNldxNdzH6Jy26/uaXWK2da2Nem6i1rXUS/PYlB8r+dg5ByqOktZz0Lu4A
> APzRBndnEVwAKAAA
> 
> I've done some quick research and found out that the src/list.c:tar_checksum
> function wrongly interprets this file as a plain tar archive instead of a
> gzipped tar due to a checksum collision (signed_sum == recorded_sum == 0):
> 
> (gdb) run -xvf ../iw.tgz.bak
> Starting program: /home/m0use/work/tar-bug/tar/src/tar -xvf ../iw.tgz.bak
> warning: Could not load shared library symbols for linux-vdso.so.1.
> Do you need "set solib-search-path" or "set sysroot"?
> 
> Breakpoint 1, tar_checksum (header=, silent=silent@entry=true) 
> at list.c:350
> 350   if (unsigned_sum != recorded_sum && signed_sum != recorded_sum)
> (gdb) p signed_sum
> $1 = 0
> (gdb) p recorded_sum
> $2 = 0
> 
> So, the tar_checksum function returns HEADER_SUCCESS in the case of a gzipped
> tar file, which is wrong.
> Here's a couple of patches which fix the case from my perspective.
> Please review when you have a chance.
> Thanks!
> 
> 
> Alexander Kolesen (2):
>   check_compressed_archive: check for compressed signatures first prior
> to checking tar checksum
>   init_buffer: zero-fill allocated memory to prevent examing a junk
> 
>  src/buffer.c | 14 +-
>  1 file changed, 9 insertions(+), 5 deletions(-)


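The collision reported in this thread, as an added C example that is not part of the thread or of GNU tar's source: a simplified model of the header checksum test run on a constructed 512-byte block, comparing checksum-first detection with the signature-first order named in the first patch title. The function names, the simplified octal parse and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK   512
#define CHK_OFF 148  /* offset of the chksum field in a tar header block */
#define CHK_LEN 8
enum kind { KIND_UNKNOWN, KIND_TAR, KIND_GZIP };

/* Simplified parse: octal digits of chksum; a field with no digits reads as 0. */
static long recorded_sum(const unsigned char *h) {
    long v = 0;
    for (size_t i = CHK_OFF; i < CHK_OFF + CHK_LEN; i++)
        if (h[i] >= '0' && h[i] <= '7') v = v * 8 + (h[i] - '0');
    return v;
}

/* chksum bytes count as blanks; the unsigned or the signed byte sum may match. */
int checksum_ok(const unsigned char *h) {
    long u = 0, s = 0;
    for (size_t i = 0; i < BLOCK; i++) {
        int blank = i >= CHK_OFF && i < CHK_OFF + CHK_LEN;
        u += blank ? ' ' : h[i];
        s += blank ? ' ' : (signed char)h[i];
    }
    return u == recorded_sum(h) || s == recorded_sum(h);
}
static int is_gzip(const unsigned char *h) { return h[0] == 0x1f && h[1] == 0x8b; }

/* Checksum consulted before the compression signature. */
enum kind detect_checksum_first(const unsigned char *h) {
    return checksum_ok(h) ? KIND_TAR : is_gzip(h) ? KIND_GZIP : KIND_UNKNOWN;
}
/* Compression signature consulted first, the order the first patch title names. */
enum kind detect_magic_first(const unsigned char *h) {
    return is_gzip(h) ? KIND_GZIP : checksum_ok(h) ? KIND_TAR : KIND_UNKNOWN;
}

/* Constructed block (not a valid gzip stream): gzip magic, then bytes chosen so
   the signed sum is -256; the 8 blanks add +256, giving 0 == empty chksum. */
void make_colliding_block(unsigned char *h) {
    static const unsigned char head[] = { 0x1f, 0x8b, 0x08, 0x00, 0x80, 0xce };
    memset(h, 0, BLOCK);
    memcpy(h, head, sizeof head);
}

int main(void) {
    unsigned char b[BLOCK];
    make_colliding_block(b);
    printf("checksum first: %d, magic first: %d\n", detect_checksum_first(b), detect_magic_first(b));
    return 0;
}
```

Only the signed sum collides here (the unsigned sum of the same block is 768), so a checker that accepted the unsigned sum alone would have rejected this block.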