I mistakenly tried to extract a tar file using cpio, and it crashed.
cpio does support tar files for some reason, but this feature seems to
have regressed.
Reproducer: tar --no-recursion -c . | cpio -i
Patch:
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -1431,8 +1431,9 @@ process_copy_in ()
break;
}
- if (file_hdr.c_namesize <= 1)
- file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
+ if (archive_format != arf_tar && archive_format != arf_ustar
+ && file_hdr.c_namesize <= 1)
+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
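Review bot: With the added `archive_format` check, tar and ustar entries whose `c_namesize` is <= 1 now reach `cpio_safer_name_suffix` without the 2-byte minimum the old `xrealloc` guaranteed. Whether that function can write a replacement name into `c_name` is not visible in this hunk, so the capacity of the tar-side buffer should be confirmed for empty names. The guard also encodes buffer ownership indirectly through the archive format. The `realloc(): invalid pointer` abort reported on this page suggests the tar reader leaves a non-heap pointer in `c_name`, so I would state that at the condition, e.g. `/* tar/ustar headers do not malloc c_name; never pass it to xrealloc */`. `process_copy_in` starts and ends outside the hunk.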
--- END ---
Ben.
By the way, this is related to the comment beginning 'Debian hack:' further up in the file... a comment that is part of the upstream code, not any Debian patch! Ben.
Dear Maintainer,
I'm just confirming that this still occurs with the version in
experimental. Also, it appears to be completely unrelated to whether
the tarball contains "." - I've tested several variations.
Also, here's a minimal reproducer that proves that cpio can't even
handle its own output:
$ touch empty-file; echo empty-file | cpio --format=tar --create | cpio --format=tar --list; rm empty-file
3 blocks
*** Error in `cpio': realloc(): invalid pointer: 0x0000557b4ec97440 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7fc3fc793bcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7fc3fc799f96]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x219)[0x7fc3fc79e5f9]
cpio(+0x19236)[0x557b4ea8c236]
cpio(process_copy_in+0x4bd)[0x557b4ea789dd]
cpio(+0x3e3d)[0x557b4ea76e3d]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fc3fc7432b1]
cpio(+0x3eda)[0x557b4ea76eda]
======= Memory map: ========
557b4ea73000-557b4ea96000 r-xp 00000000 fd:01 36223789 /bin/cpio
557b4ec95000-557b4ec96000 r--p 00022000 fd:01 36223789 /bin/cpio
557b4ec96000-557b4ec98000 rw-p 00023000 fd:01 36223789 /bin/cpio
557b501d8000-557b501f9000 rw-p 00000000 00:00 0 [heap]
7fc3f8000000-7fc3f8021000 rw-p 00000000 00:00 0
7fc3f8021000-7fc3fc000000 ---p 00000000 00:00 0
7fc3fc463000-7fc3fc479000 r-xp 00000000 fd:01 14942495 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc3fc479000-7fc3fc678000 ---p 00016000 fd:01 14942495 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc3fc678000-7fc3fc679000 r--p 00015000 fd:01 14942495 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc3fc679000-7fc3fc67a000 rw-p 00016000 fd:01 14942495 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc3fc6cb000-7fc3fc71c000 r--p 00000000 fd:01 38939709 /usr/lib/locale/aa_DJ.utf8/LC_CTYPE
7fc3fc723000-7fc3fc8b8000 r-xp 00000000 fd:01 14960680 /lib/x86_64-linux-gnu/libc-2.24.so
7fc3fc8b8000-7fc3fcab7000 ---p 00195000 fd:01 14960680 /lib/x86_64-linux-gnu/libc-2.24.so
7fc3fcab7000-7fc3fcabb000 r--p 00194000 fd:01 14960680 /lib/x86_64-linux-gnu/libc-2.24.so
7fc3fcabb000-7fc3fcabd000 rw-p 00198000 fd:01 14960680 /lib/x86_64-linux-gnu/libc-2.24.so
7fc3fcabd000-7fc3fcac1000 rw-p 00000000 00:00 0
7fc3fcac3000-7fc3fcae6000 r-xp 00000000 fd:01 14942230 /lib/x86_64-linux-gnu/ld-2.24.so
7fc3fcb13000-7fc3fcb14000 r--p 00000000 fd:01 38971026 /usr/lib/locale/aa_ET/LC_NUMERIC
7fc3fcb1b000-7fc3fcb1c000 r--p 00000000 fd:01 38990878 /usr/lib/locale/en_US.utf8/LC_TIME
7fc3fcb23000-7fc3fcc96000 r--p 00000000 fd:01 38861996 /usr/lib/locale/C.UTF-8/LC_COLLATE
7fc3fcc9b000-7fc3fcc9c000 r--p 00000000 fd:01 38987338 /usr/lib/locale/chr_US/LC_MONETARY
7fc3fcca3000-7fc3fcca4000 r--p 00000000 fd:01 38990719 /usr/lib/locale/en_AG/LC_MESSAGES/SYS_LC_MESSAGES
7fc3fccab000-7fc3fccac000 r--p 00000000 fd:01 38987340 /usr/lib/locale/chr_US/LC_PAPER
7fc3fccb3000-7fc3fccb4000 r--p 00000000 fd:01 38987339 /usr/lib/locale/chr_US/LC_NAME
7fc3fccbb000-7fc3fccbc000 r--p 00000000 fd:01 38990876 /usr/lib/locale/en_US.utf8/LC_ADDRESS
7fc3fccc3000-7fc3fccc4000 r--p 00000000 fd:01 38987341 /usr/lib/locale/chr_US/LC_TELEPHONE
7fc3fcccb000-7fc3fcccc000 r--p 00000000 fd:01 38987336 /usr/lib/locale/chr_US/LC_MEASUREMENT
7fc3fccd3000-7fc3fccda000 r--s 00000000 fd:01 38878119 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
7fc3fccdb000-7fc3fccdc000 r--p 00000000 fd:01 38990877 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
7fc3fcce0000-7fc3fcce6000 rw-p 00000000 00:00 0
7fc3fcce6000-7fc3fcce7000 r--p 00023000 fd:01 14942230 /lib/x86_64-linux-gnu/ld-2.24.so
7fc3fcce7000-7fc3fcce8000 rw-p 00024000 fd:01 14942230 /lib/x86_64-linux-gnu/ld-2.24.so
7fc3fcce8000-7fc3fcce9000 rw-p 00000000 00:00 0
7ffc0414d000-7ffc0416e000 rw-p 00000000 00:00 0 [stack]
7ffc041f3000-7ffc041f5000 r--p 00000000 00:00 0 [vvar]
7ffc041f5000-7ffc041f7000 r-xp 00000000 00:00 0 [vdso]
[1] 3725 done echo empty-file |
3726 done cpio --format=tar --create |
3727 abort (core dumped) cpio --format=tar --list
Properly close this bug, it was marked as fixed already.