#1002008 rsync: integer overflow in rsync

Package:
rsync
Source:
rsync
Description:
fast, versatile, remote (and local) file-copying tool
Submitter:
Vincent Lefevre
Date:
2026-05-19 08:51:02 UTC
Severity:
important
Tags:
#1002008#5
Date:
2021-12-20 09:39:08 UTC
From:
To:
There is apparently an integer overflow somewhere in rsync.
When using

  rsync -rlptzv --progress <remote> <local>

to update a big file (870 MB), an unexpected large negative integer
was displayed for a short period. I didn't have the time to copy-paste
the output, bug the integer was so large that it wasn't erased
completely. I got progress lines like:

    255,484,704  28%   13.39MB/s    0:00:47  -8:-8

with "-8:-8" left over.

This might be a security issue. I also wonder whether due to internal
inconsistencies, files may incorrectly be rsync'ed.
#1002008#10
Date:
2026-05-19 08:49:40 UTC
From:
To:
Hello Vincent,
thank you for the report.

I contacted upstream on a non-public channel and asked for judgment.

Next time when you mean to notice a security issue please do not post
it in public somewhere. Every project has channels to submit security
issues.

Regards,
Christian