#851632 cpio: Crashes when extracting tar file containing '.'

Package:
cpio
Source:
cpio
Description:
GNU cpio -- a program to manage archives of files
Submitter:
Ben Hutchings
Date:
2025-08-11 20:49:03 UTC
Severity:
important
#851632#5
Date:
2017-01-17 03:30:00 UTC
I mistakenly tried to extract a tar file using cpio, and it crashed.
cpio does support tar files for some reason, but this feature seems to
have regressed.

Reproducer: tar --no-recursion -c . | cpio -i

Patch:
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -1431,8 +1431,9 @@ process_copy_in ()
 	  break;
 	}

-      if (file_hdr.c_namesize <= 1)
-        file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
+      if (archive_format != arf_tar && archive_format != arf_ustar
+	  && file_hdr.c_namesize <= 1)
+	file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
 			      false);
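
Review bot: the new condition on the `xrealloc` call has no comment explaining why `file_hdr.c_name` must not be resized when `archive_format` is `arf_tar` or `arf_ustar`, so a later cleanup could easily reintroduce the unconditional call. With this change a tar or ustar entry with `c_namesize <= 1` also reaches `cpio_safer_name_suffix` without the 2-byte buffer the other formats still get; please confirm the tar name buffer is always at least that large, or handle that case explicitly, and add a short comment on how `c_name` is allocated in the tar path.
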
--- END ---

Ben.
#851632#10
Date:
2017-01-17 03:37:26 UTC
By the way, this is related to the comment beginning 'Debian hack:'
further up in the file... a comment that is part of the upstream code,
not any Debian patch!

Ben.

#851632#15
Date:
2017-02-04 01:56:52 UTC
Dear Maintainer,

I'm just confirming that this still occurs with the version in
experimental. Also, it appears to be completely unrelated to whether
the tarball contains "." - I've tested several variations.

Also, here's a minimal reproducer that proves that cpio can't even
handle its own output:

$ touch empty-file; echo empty-file | cpio --format=tar --create | cpio --format=tar --list; rm empty-file
3 blocks
*** Error in `cpio': realloc(): invalid pointer: 0x0000557b4ec97440 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7fc3fc793bcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7fc3fc799f96]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x219)[0x7fc3fc79e5f9]
cpio(+0x19236)[0x557b4ea8c236]
cpio(process_copy_in+0x4bd)[0x557b4ea789dd]
cpio(+0x3e3d)[0x557b4ea76e3d]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fc3fc7432b1]
cpio(+0x3eda)[0x557b4ea76eda]
[1]    3725 done                 echo empty-file |
       3726 done                 cpio --format=tar --create |
       3727 abort (core dumped)  cpio --format=tar --list

#851632#22
Date:
2025-08-11 20:46:08 UTC
Properly close this bug, it was marked as fixed already.