Comments (11)
At some point we'll just have to write our own unpacker.
from cavil.
We just had another issue like that: jnweiger/perl-File-Unpack#12. And since PRs are not merged, the openSUSE package now gets 7 or so custom patches applied.
from cavil.
Changed the title so we can just collect File::Unpack problems in one place. In case we actually find the time to write a replacement.
from cavil.
And we have another issue, this time via the dependency File::LibMagic.
libmagic TrueType font collection data, 1.0, 162 fonts, at 0x294 can't allocate 18446744073709551264 bytes (Cannot allocate memory) at /usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi/File/LibMagic.pm line 206.
Which caused an iosevka-fonts update to get stuck in legal review.
from cavil.
That's a lot of bytes :)
from cavil.
But if that bug is in libmagic, we're talking CVE level here.
from cavil.
Hmm, so it's hard to classify this as DoS, as the number of bytes is so insane that every machine gives up straight away :)
iosevka-aile.ttc: TrueType font collection data, 1.0, 27 fonts, at 0x78 TrueType Font data, 17 tables, 1st "GDEF"
iosevka-curly-slab.ttc: ERROR: TrueType font collection data, 1.0, 162 fonts, at 0x294 can't allocate 18446744073709551264 bytes (Cannot allocate memory)
iosevka-curly.ttc: ERROR: TrueType font collection data, 1.0, 162 fonts, at 0x294 can't allocate 18446744073709551264 bytes (Cannot allocate memory)
from cavil.
We recently ran into an issue unpacking the onedrive tarball.
.../.unpacked/onedrive-2.4.15/tests/State-of-the-art, challenges, and open issues in the integration of Internet of Things and Cloud Computing/State-of-the-art, challenges, and open issues in the integration of Internet of Things and Cloud Computing.txt path escaped....
Looks like there's a test case with a broken archive that trips up File::Unpack.
from cavil.
There's been another problematic test case in the buildah tarball, which results in an untar that runs endlessly.
buildah-1.27.0/tests/conformance/testdata/add/dir-not-dir/test.tar
from cavil.
Since it doesn't look like we will be rewriting the unpacker anytime soon, I've added an exclude file feature as a temporary workaround. 6f44ecb
from cavil.
I think it is time to fork File::Unpack, so we don't have to deal with all those custom patches anymore: https://github.com/openSUSE/perl-File-Unpack2
from cavil.