Hello! IfoundthatifI runzictocreatea linkonanotherdevice, the bufferoverflowinzip.c:1422inversion2025awill occur. Inthislinei==0. The commandtoreplay: ./zic -l test -d . -t /path/to/link_on_another_device Best regards, Evgeniy Gorbanyov
On 2025-03-04 22:12, Evgeniy Gorbanev via tz wrote:
Hello!
IfoundthatifI runzictocreatea linkonanotherdevice, the bufferoverflowinzip.c:1422inversion2025awill occur. Inthislinei==0. The commandtoreplay: ./zic -l test -d . -t /path/to/ link_on_another_device Best regards, Evgeniy Gorbanyov
Unfortunately your message was corrupted somehow. The above is what I see, and it's hard to make sense of it. Among other things there is no file zip.c in the TZDB source. Also, surely you're not trying to use zic in that way; you want to do something else but I don't know what the "something else" is.

Please give instructions for how to reproduce the bug from scratch, including the platform you're running on. I tried to reproduce the problem as follows, on Ubuntu 24.10 x86-64, but the following seemed to work without any buffer overflow:

    $ wget https://data.iana.org/time-zones/releases/tzdb-2025a.tar.lz
    $ tar xf tzdb-2025a.tar.lz
    $ cd tzdb-2025a
    $ make CFLAGS='-fsanitize=address'
    $ touch test
    $ ./zic -l test -d . -t /tmp/another-file-system

The last command outputs:

    warning: "command line", line 1: symbolic link used because hard link failed: Invalid cross-device link

and creates a symlink as follows:

    $ ls -l /tmp/another-file-system
    lrwxrwxrwx 1 eggert eggert 6 Mar 5 11:28 /tmp/another-file-system -> ./test

... a dangling symbolic link, but then the zic command itself doesn't make much sense.
On Mar 5, 2025, at 11:34 AM, Paul Eggert via tz <tz@iana.org> wrote:
On 2025-03-04 22:12, Evgeniy Gorbanev via tz wrote:
Hello!
I found that if I run zic to create a link on another device, the buffer overflow in zip.c:1422 in version 2025a will occur. In this line i == 0.
The command to replay: ./zic -l test -d . -t /path/to/link_on_another_device
Best regards, Evgeniy Gorbanyov
Unfortunately your message was corrupted somehow. The above is what I see, and it's hard to make sense of it.
The message was a multi-part mail, in which the first part was

    Content-Type: text/plain; charset=UTF-8; format=flowed

and had *no* spaces between the words, and the second part was

    Content-Type: text/html; charset=UTF-8

and the text was a bag of HTML in the form (reformatted to make the HTML somewhat more readable)

    <span class="EzKURWReUAB5oZgtQNkl" data-src-align="0:1" style="white-space: pre-wrap;">I</span><span style="white-space: pre-wrap;"> </span>
    <span class="EzKURWReUAB5oZgtQNkl" data-src-align="2:9" style="white-space: pre-wrap;">found</span><span style="white-space: pre-wrap;"> </span>
    <span class="EzKURWReUAB5oZgtQNkl" data-src-align="13:3" style="white-space: pre-wrap;">that</span><span style="white-space: pre-wrap;"> </span>

so it was at least readable when rendered by Apple Mail.

I tried reformatting it above, to show how it *should* have shown up as text/plain, rather than how it *did* show up.
Among other things there is no file zip.c in the TZDB source.
He might be referring to line 1422 of zic.c, with a "c", not a "p", after "zi". Lines 1421 and 1422 of that file are

    for (; linkname[i]; i++)
      dotdots += linkname[i] == '/' && linkname[i - 1] != '/';

respectively.

I don't know what "on another device" means. My *guess* is that it means that it's a link to another mounted file system, either on another disk or on something mounted from a file server.
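An added illustration, not part of any message in this thread and not tzcode's own code beyond the two quoted lines: it shows why the quoted expression indexes linkname[-1] only when i == 0 and the name begins with '/', and how the count then depends on a byte outside the string. The function names, the ptrdiff_t index type, the sample buffers and the i > 0 guard are assumptions made for this example; the guard is one possible bounds check, not the project's fix.

```c
#include <stddef.h>
#include <stdio.h>

/* The two quoted lines wrapped in a function. The index type is assumed;
   the caller must guarantee that linkname[i - 1] is readable. */
static size_t dotdots_as_quoted(const char *linkname, ptrdiff_t i)
{
    size_t dotdots = 0;
    for (; linkname[i]; i++)
        dotdots += linkname[i] == '/' && linkname[i - 1] != '/';
    return dotdots;
}

/* Assumed guard (illustrative only): never index before the start. */
static size_t dotdots_guarded(const char *linkname, ptrdiff_t i)
{
    size_t dotdots = 0;
    for (; linkname[i]; i++)
        dotdots += linkname[i] == '/' && i > 0 && linkname[i - 1] != '/';
    return dotdots;
}

/* && short-circuits, so linkname[-1] is read only when the loop starts
   at i == 0 and the first character is '/'. */
static int reads_before_start(const char *linkname, ptrdiff_t i)
{
    return i == 0 && linkname[0] == '/';
}

/* Constructed buffers: the name starts at offset 1, so index -1 is a
   byte inside the array and the quoted loop can be run safely here. */
static const char buf_x[] = "X/path/to/link";
static const char buf_slash[] = "//path/to/link";

int main(void)
{
    /* Same name "/path/to/link", different byte in front of it. */
    printf("quoted,  'X' before name: %zu\n", dotdots_as_quoted(buf_x + 1, 0));
    printf("quoted,  '/' before name: %zu\n", dotdots_as_quoted(buf_slash + 1, 0));
    printf("guarded, 'X' before name: %zu\n", dotdots_guarded(buf_x + 1, 0));
    printf("guarded, '/' before name: %zu\n", dotdots_guarded(buf_slash + 1, 0));
    printf("reads linkname[-1] for \"/path/to/link\" at i == 0: %d\n",
           reads_before_start("/path/to/link", 0));
    printf("reads linkname[-1] for \"test\" at i == 0: %d\n",
           reads_before_start("test", 0));
    return 0;
}
```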
Paul Eggert via tz said:
On 2025-03-04 22:12, Evgeniy Gorbanev via tz wrote:
Hello!
IfoundthatifI runzictocreatea linkonanotherdevice, the bufferoverflowinzip.c:1422inversion2025awill occur. Inthislinei==0. The commandtoreplay: ./zic -l test -d . -t /path/to/ link_on_another_device Best regards, Evgeniy Gorbanyov
Unfortunately your message was corrupted somehow. The above is what I see, and it's hard to make sense of it.
If it helps, what my mailer is showing is:
Hello! I found that if I run zic to create a link on another device, the buffer overflow in zip.c:1422 in version 2025a will occur. In this line i == 0. The command to replay: ./zic -l test -d . -t /path/to/link_on_another_device Best regards, Evgeniy Gorbanyov
I'm guessing that the last bit should be something like:
The command to replay: ./zic -l test -d . -t /path/to/link_on_another_device Best regards, Evgeniy Gorbanyov
Clive
--
Clive D.W. Feather          | If you lie to the compiler,
Email: clive@davros.org     | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646
participants (4)
- Clive D.W. Feather
- Evgeniy Gorbanev
- Guy Harris
- Paul Eggert