[Bug 2062535] Re: zip fails when filenames contain unicode characters

Shengjing Zhu 2062535 at bugs.launchpad.net
Wed Nov 6 10:01:44 UTC 2024 

** Description changed:

+ [ Impact ]
+ 
+  * zip in noble is built with _FORTIFY_SOURCE=3 and the code is bug with
+ buffer overflow when filename contains non ascii characters. So it
+ crashes at runtime.
+ 
+ [ Test Plan ]
+ 
+  * install zip from proposed
+  * run following commands:
+    touch ä
+    zip x.zip ä
+  * It shouldn't crash.
+ 
+ [ Where problems could occur ]
+ 
+  * The patch has been included in fedora 40 and tested there.
+  * If the patch is still wrong to calculate the buffer size, zip continues to crash.
+ 
+ [ Other Info ]
+ 
+  * None
+ 
+ [Original description]
+ 
  Steps to reproduce: command line
  $ touch ä
  $ zip x.zip ä
  
  will result in
  
  > *** buffer overflow detected ***: terminated
- > 
- > 
+ >
+ >
  > zip error: Interrupted (aborting)
  
  cf. https://bugzilla.redhat.com/show_bug.cgi?id=2165653
  
  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: zip 3.0-13build1
  Uname: Linux 6.8.6-060806-generic x86_64
  ApportVersion: 2.28.1-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: XFCE
  Date: Fri Apr 19 12:34:09 2024
  SourcePackage: zip
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to zip in Ubuntu.
https://bugs.launchpad.net/bugs/2062535

Title:
  zip fails when filenames contain unicode characters

Status in zip package in Ubuntu:
  Fix Committed
Status in zip source package in Noble:
  Confirmed
Status in zip source package in Oracular:
  Confirmed
Status in zip source package in Plucky:
  Fix Committed

Bug description:
  [ Impact ]

   * zip in noble is built with _FORTIFY_SOURCE=3 and the code is bug
  with buffer overflow when filename contains non ascii characters. So
  it crashes at runtime.

  [ Test Plan ]

   * install zip from proposed
   * run following commands:
     touch ä
     zip x.zip ä
   * It shouldn't crash.

  [ Where problems could occur ]

   * The patch has been included in fedora 40 and tested there.
   * If the patch is still wrong to calculate the buffer size, zip continues to crash.

  [ Other Info ]

   * None

  [Original description]

  Steps to reproduce: command line
  $ touch ä
  $ zip x.zip ä

  will result in

  > *** buffer overflow detected ***: terminated
  >
  >
  > zip error: Interrupted (aborting)

  cf. https://bugzilla.redhat.com/show_bug.cgi?id=2165653

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: zip 3.0-13build1
  Uname: Linux 6.8.6-060806-generic x86_64
  ApportVersion: 2.28.1-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: XFCE
  Date: Fri Apr 19 12:34:09 2024
  SourcePackage: zip
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zip/+bug/2062535/+subscriptions

More information about the foundations-bugs mailing list