[Bug 2093024] Re: zip crashes when using options -T and -TT
Skia
2093024 at bugs.launchpad.net
Fri Jan 17 16:25:24 UTC 2025
** Description changed:
+ [ Impact ]
+
Running zip command with -T -TT arguments causes zip process to crash
due to buffer overflow. See below:
-
$ zip a.zip /etc/hosts -T -TT "ls"
- adding: etc/hosts (deflated 35%)
+ adding: etc/hosts (deflated 35%)
*** buffer overflow detected ***: terminated
-
zip error: Interrupted (aborting)
free(): double free detected in tcache 2
+
+ [ Test Plan ]
+
+ $ zip a.zip /etc/hosts -T -TT "ls"
+ adding: etc/hosts (deflated 41%)
+ ziAEBMZH
+ test of a.zip OK
+
+ This is what should be displayed with a working `zip` package. If you
+ still have the crash described just above, then the verification is
+ failed.
+
+ Additionally, a dep8 test covering this test case has been added to the
+ package.
+
+ [ Where problems could occur ]
+
+ Considering that the patch is just a buffer size increase by 1, it should be pretty safe. However, as with every update, there is always a chance that something goes wrong, and `zip` is even more broken than before. The dep8 test added in this new version at least verifies that a basic usage of the tool is working.
+ Additionally, since this is a simple CLI tool, it's quite easy to verify that it's not completely broken.
+
+ [ Other Info ]
+
+ N/A
+
+
+ [Original description]
+
+ Running zip command with -T -TT arguments causes zip process to crash
+ due to buffer overflow. See below:
+
+ $ zip a.zip /etc/hosts -T -TT "ls"
+ adding: etc/hosts (deflated 35%)
+ *** buffer overflow detected ***: terminated
+
+ zip error: Interrupted (aborting)
+ free(): double free detected in tcache 2
$ lsb_release -rd
OS: Ubuntu 24.04.1 LTS
$ apt-cache policy zip
zip:
- Installed: 3.0-13ubuntu0.1
- Candidate: 3.0-13ubuntu0.1
- Version table:
- *** 3.0-13ubuntu0.1 500
- 500 http://pl.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
- 100 /var/lib/dpkg/status
- 3.0-13build1 500
- 500 http://pl.archive.ubuntu.com/ubuntu noble/main amd64 Packages
-
+ Installed: 3.0-13ubuntu0.1
+ Candidate: 3.0-13ubuntu0.1
+ Version table:
+ *** 3.0-13ubuntu0.1 500
+ 500 http://pl.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
+ 100 /var/lib/dpkg/status
+ 3.0-13build1 500
+ 500 http://pl.archive.ubuntu.com/ubuntu noble/main amd64 Packages
In addition to that I tested various docker images - here are the results:
- ubuntu:24.10 at sha256:102bc1874fdb136fc2d218473f03cf84135cb7496fefdb9c026c0f553cfe1b6d - zip 3.0-14ubuntu0.1 - issue occurs
- ubuntu:24.04 at sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab - zip 3.0-13ubuntu0.1 - issue occurs
- ubuntu:20.04 at sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b - zip 3.0-11build1 - issue does not occur
- debian:bookworm at sha256:b877a1a3fdf02469440f1768cf69c9771338a875b7add5e80c45b756c92ac20a - zip 3.0-13 - issue does not occur
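Review bot: the [ Test Plan ] block quotes its expected output verbatim, including `ziAEBMZH` and `deflated 41%`, while the crash transcript for the same command shows `deflated 35%`, so at least part of that output differs between systems. The plan should name the lines a verifier has to match, for example the presence of `test of a.zip OK` and the absence of `*** buffer overflow detected ***`, rather than leave it to a literal comparison. The [ Where problems could occur ] text says the patch is a buffer size increase by 1 but does not say which buffer or point to the patch; a reference to it would let SRU reviewers confirm the scope.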
** Summary changed:
- zip crashes when using options -T and -TT
+ [SRU] zip crashes when using options -T and -TT
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to zip in Ubuntu.
https://bugs.launchpad.net/bugs/2093024
Title:
[SRU] zip crashes when using options -T and -TT
Status in zip package in Ubuntu:
Confirmed
Status in zip source package in Noble:
Confirmed
Status in zip source package in Oracular:
Confirmed
Status in zip source package in Plucky:
Confirmed
Bug description:
[ Impact ]

Running zip command with -T -TT arguments causes zip process to crash
due to buffer overflow. See below:

$ zip a.zip /etc/hosts -T -TT "ls"
  adding: etc/hosts (deflated 35%)
*** buffer overflow detected ***: terminated

zip error: Interrupted (aborting)
free(): double free detected in tcache 2

[ Test Plan ]

$ zip a.zip /etc/hosts -T -TT "ls"
  adding: etc/hosts (deflated 41%)
ziAEBMZH
test of a.zip OK

This is what should be displayed with a working `zip` package. If you
still have the crash described just above, then the verification has
failed.

Additionally, a dep8 test covering this test case has been added to
the package.

[ Where problems could occur ]

Considering that the patch is just a buffer size increase by 1, it should be pretty safe. However, as with every update, there is always a chance that something goes wrong, and `zip` is even more broken than before. The dep8 test added in this new version at least verifies that a basic usage of the tool is working.
Additionally, since this is a simple CLI tool, it's quite easy to verify that it's not completely broken.

[ Other Info ]

N/A

[Original description]

Running zip command with -T -TT arguments causes zip process to crash
due to buffer overflow. See below:

$ zip a.zip /etc/hosts -T -TT "ls"
  adding: etc/hosts (deflated 35%)
*** buffer overflow detected ***: terminated

zip error: Interrupted (aborting)
free(): double free detected in tcache 2

$ lsb_release -rd
OS: Ubuntu 24.04.1 LTS

$ apt-cache policy zip
zip:
  Installed: 3.0-13ubuntu0.1
  Candidate: 3.0-13ubuntu0.1
  Version table:
 *** 3.0-13ubuntu0.1 500
        500 http://pl.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     3.0-13build1 500
        500 http://pl.archive.ubuntu.com/ubuntu noble/main amd64 Packages

In addition to that I tested various docker images - here are the results:
- ubuntu:24.10 at sha256:102bc1874fdb136fc2d218473f03cf84135cb7496fefdb9c026c0f553cfe1b6d - zip 3.0-14ubuntu0.1 - issue occurs
- ubuntu:24.04 at sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab - zip 3.0-13ubuntu0.1 - issue occurs
- ubuntu:20.04 at sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b - zip 3.0-11build1 - issue does not occur
- debian:bookworm at sha256:b877a1a3fdf02469440f1768cf69c9771338a875b7add5e80c45b756c92ac20a - zip 3.0-13 - issue does not occur
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zip/+bug/2093024/+subscriptions
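
The test plan above, turned into a repeatable check. This is an added shell example, not part of the bug report and not the dep8 test shipped in the package. The function names are hypothetical, and leaving the `ziAEBMZH` line unmatched rests on the assumption that it is a per-run temporary name.

```shell
#!/bin/sh
# Added example: verification helper for the -T -TT test plan in this bug.

# Classify a captured `zip ... -T -TT "ls"` transcript read from stdin.
# Prints PASS, CRASH or UNKNOWN; returns 0 only for PASS.
classify_zip_transcript() {
    transcript=$(cat)
    # Crash markers quoted in the bug description.
    case $transcript in
        *"buffer overflow detected"*|*"double free detected"*)
            echo CRASH; return 1 ;;
    esac
    # Success marker from the test plan. The `ziAEBMZH` line is not matched
    # (assumption: it is a temporary file name that differs on every run).
    if printf '%s\n' "$transcript" | grep -Eq '^ *test of .* OK$'; then
        echo PASS; return 0
    fi
    echo UNKNOWN; return 2
}

# Run the test plan against the installed zip inside a scratch directory.
run_zip_tt_check() {
    command -v zip >/dev/null 2>&1 || { echo "zip not installed" >&2; return 3; }
    workdir=$(mktemp -d) || return 3
    out=$(cd "$workdir" && zip a.zip /etc/hosts -T -TT "ls" 2>&1) && status=0 || status=$?
    rm -rf "$workdir"
    verdict=$(printf '%s\n' "$out" | classify_zip_transcript) || true
    echo "exit=$status verdict=$verdict"
    [ "$status" -eq 0 ] && [ "$verdict" = PASS ]
}

# Constructed sample inputs: the two transcripts from the bug description.
BROKEN_TRANSCRIPT='  adding: etc/hosts (deflated 35%)
*** buffer overflow detected ***: terminated

zip error: Interrupted (aborting)
free(): double free detected in tcache 2'
FIXED_TRANSCRIPT='  adding: etc/hosts (deflated 41%)
ziAEBMZH
test of a.zip OK'

# Pass --run to exercise the installed zip; without it only the functions load.
if [ "${1:-}" = "--run" ]; then run_zip_tt_check; fi
```

Checking the exit status as well as the text matters here: a crash that kills the process before any marker is printed would otherwise be reported as UNKNOWN, not as a failure.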