Fabre

#1009846 nsis: Crash of makensis when size of installed files exceeds 2 GiB #1009846

Package:: nsis

Source:: nsis

Description:: Nullsoft Scriptable Install System (modified for Debian)

Submitter:: Stefan Weil

Date:: 2022-04-21 17:48:03 UTC

Severity:: important

Tags:

#1009846#5

Date:: 2022-04-19 03:24:03 UTC

From:

To:

All current versions of makensis (which is part of the nsis package) crash
when the total size of the installed files exceeds 2 GiB and compression
option /SOLID is set. I tested both the nsis package which is part of
Debian bullseye and a newer locally built version.

The crash is caused by an 32 bit integer overflow, at least in Source/mmap.cpp.
I observer SIGBUS, SIGSEGV and mmap related error messages, depending on the
files which were to be installed.

The bug can be avoided by removing /SOLID, so instead of whole file compression
only the single installed files get compressed, but that results in a larger
installer.

Fixing the bug would require lots of code changes, mainly replacing "int"
by "unsigned int" (which would have a limit at 4 GiB) or "size_t".

A check for integer overflow and aborting with an reasonable error message
would be easier to implement.

#1009846 nsis: Crash of makensis when size of installed files exceeds 2 GiB #1009846

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)