Subject: bin/12005: gzip has buffer overflow
To: None <gnats-bugs@gnats.netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-bugs
Date: 01/19/2001 17:44:20
>Number: 12005
>Category: bin
>Synopsis: zmore/gzip get Seg Fault when argument is long
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jan 19 17:47:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Jeremy C. Reed
>Release: 1.5.1_ALPHA
>Organization:
>Environment:
System: NetBSD rainier 1.5.1_ALPHA NetBSD 1.5.1_ALPHA (JCR-1.5-20010108) #0: Mon Jan 8 09:25:45 PST 2001 reed@rainier:/usr/src/sys/arch/i386/compile/JCR-1.5-20010108 i386
>Description:
zmore and "gzip -cdfq" get a segmentation fault from a bad
strcpy in gzip/gzip.c. For further details look at my posting:
http://mail-index.netbsd.org/current-users/2001/01/18/0064.html
>How-To-Repeat:
Use a 99999-character command line argument.
>Fix:
Simon Burge is working on this. He posted a patch to
http://mail-index.netbsd.org/current-users/2001/01/19/0008.html
It is also having some discussion.
>Release-Note:
>Audit-Trail:
>Unformatted: