[Bug 2062535] Re: zip fails when filenames contain unicode characters

Shengjing Zhu 2062535 at bugs.launchpad.net
Thu Nov 21 09:05:52 UTC 2024 

root at o-ct-1:~# touch ä
root at o-ct-1:~# zip x.zip ä
*** buffer overflow detected ***: terminated


zip error: Interrupted (aborting)
root at o-ct-1:~# apt install -t oracular-proposed zip
Upgrading:                      
  zip

Summary:
  Upgrading: 1, Installing: 0, Removing: 0, Not Upgrading: 12
  Download size: 175 kB
  Space needed: 0 B / 249 GB available

0% [Working]
Get:1 http://security.ubuntu.com/ubuntu oracular-proposed/main amd64 zip amd64 3.0-14ubuntu0.1 [175 kB]
Fetched 175 kB in 2s (98.8 kB/s)
(Reading database ... 16074 files and directories currently installed.)
Preparing to unpack .../zip_3.0-14ubuntu0.1_amd64.deb ...
Unpacking zip (3.0-14ubuntu0.1) over (3.0-14) ...
Setting up zip (3.0-14ubuntu0.1) ...
root at o-ct-1:~# zip x.zip ä
  adding: ä (stored 0%)
root at o-ct-1:~# 


** Tags removed: verification-needed verification-needed-oracular
** Tags added: verification-done verification-done-oracular

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to zip in Ubuntu.
https://bugs.launchpad.net/bugs/2062535

Title:
  zip fails when filenames contain unicode characters

Status in zip package in Ubuntu:
  Fix Released
Status in zip source package in Noble:
  Fix Committed
Status in zip source package in Oracular:
  Fix Committed
Status in zip source package in Plucky:
  Fix Released

Bug description:
  [ Impact ]

   * zip in noble is built with _FORTIFY_SOURCE=3 and the code is bug
  with buffer overflow when filename contains non ascii characters. So
  it crashes at runtime.

  [ Test Plan ]

   * install zip from proposed
   * run following commands:
     touch ä
     zip x.zip ä
   * It shouldn't crash.

  [ Where problems could occur ]

   * The patch has been included in fedora 40 and tested there.
   * If the patch is still wrong to calculate the buffer size, zip continues to crash.

  [ Other Info ]

   * None

  [Original description]

  Steps to reproduce: command line
  $ touch ä
  $ zip x.zip ä

  will result in

  > *** buffer overflow detected ***: terminated
  >
  >
  > zip error: Interrupted (aborting)

  cf. https://bugzilla.redhat.com/show_bug.cgi?id=2165653

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: zip 3.0-13build1
  Uname: Linux 6.8.6-060806-generic x86_64
  ApportVersion: 2.28.1-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: XFCE
  Date: Fri Apr 19 12:34:09 2024
  SourcePackage: zip
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zip/+bug/2062535/+subscriptions

More information about the foundations-bugs mailing list