Debian Bug report logs - #404114
gzip: [zdiff] Infine loop in "while : do .. case $1 esac done"

version graph

Package: gzip; Maintainer for gzip is Bdale Garbee <bdale@gag.com>; Source for gzip is src:gzip.

Reported by: Jari Aalto <jari.aalto@cante.net>

Date: Thu, 21 Dec 2006 20:34:05 UTC

Severity: normal

Found in version gzip/1.3.9-1

Fixed in version gzip/1.3.12-1

Done: Bdale Garbee <bdale@gag.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, bug-gzip@gnu.org, Bdale Garbee <bdale@gag.com>:
Bug#404114; Package gzip. Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
New Bug report received and forwarded. Copy sent to bug-gzip@gnu.org, Bdale Garbee <bdale@gag.com>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gzip: [zdiff] Infine loop in "while : do .. case $1 esac done"
Date: Thu, 21 Dec 2006 21:32:00 +0200
Package: gzip
Version: 1.3.9-1
Severity: important

It seems that zdiff hangs forever in case like:

    $ bash -x /bin/zdiff /usr/share/info/gzip.info.gz  /usr/share/info/gzip.info.gz

    + case $1 in
    + :
    + case $1 in
    + :
    + case $1 in
    + :
    + case $1 in
    + :
    + case $1 in
    <infinite loop>

The offending code, which never hits "break", is:

     37 while :; do
     38   case $1 in
     39   --h*) echo "$usage" || exit 2; exit;;
     40   --v*) echo "$version" || exit 2; exit;;
     41   --) shift; break;;
     42   -*) OPTIONS="$OPTIONS $ARG"; shift;;
     43   esac
     44 done

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-3-686
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)

Versions of packages gzip depends on:
ii  debianutils                  2.17.4      Miscellaneous utilities specific t
ii  libc6                        2.3.6.ds1-9 GNU C Library: Shared libraries

gzip recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#404114; Package gzip. Full text and rfc822 format available.

Acknowledgement sent to Bdale Garbee <bdale@gag.com>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 404114@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: Jari Aalto <jari.aalto@cante.net>, 404114@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#404114: gzip: [zdiff] Infine loop in "while : do .. case $1 esac done"
Date: Thu, 21 Dec 2006 18:10:52 -0700
severity 404114 normal
thanks

> It seems that zdiff hangs forever in case like:

Interesting, but not 'important' by Debian's BTS definitions.

Bdale




Severity set to `normal' from `important' Request was from Bdale Garbee <bdale@gag.com> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#404114; Package gzip. Full text and rfc822 format available.

Acknowledgement sent to Paul Eggert <eggert@CS.UCLA.EDU>:
Extra info received and forwarded to list. Copy sent to Bdale Garbee <bdale@gag.com>. Full text and rfc822 format available.

Message #17 received at submit@bugs.debian.org (full text, mbox):

From: Paul Eggert <eggert@CS.UCLA.EDU>
To: Jari Aalto <jari.aalto@cante.net>
Cc: 404114@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>, bug-gzip@gnu.org
Subject: Re: Bug#404114: gzip: [zdiff] Infine loop in "while : do .. case $1 esac done"
Date: Sat, 23 Dec 2006 20:17:47 -0800
Thanks for reporting that.  zdiff really is a can of worms.

Can you please try this patch?  I installed it into the main CVS for gzip.

2006-12-23  Paul Eggert  <eggert@cs.ucla.edu>

	* zdiff.in: Fix typo that broke most usages.  Problem reported by
	Jari Aalto in <http://bugs.debian.org/404114>.  While we're at it,
	fix a bunch of other problems.  Handle "-" better.  Send
	diagnostics to stderr, not stdout.  Use expr rather than echo |
	sed, to handle special characters better.  Report a diagnostic in
	the 1-arg case, if the argument doesn't end in .gz or the like,
	rather than having incomprehensible behavior.  Do not require that
	the inputs be regular files.  Avoid creating a temporary entirely,
	if /dev/fd works.  If not, then resist denial-of-service attacks
	better, by using mktemp.
	* Makefile.am (gzip.doc.gz): New rule.
	(check-local): Depend on it, and test zdiff for Debian bug 404114.

--- zdiff.in	9 Dec 2006 04:25:56 -0000	1.5
+++ zdiff.in	24 Dec 2006 04:13:56 -0000
@@ -11,8 +11,8 @@

 PATH="BINDIR:$PATH"; export PATH
 case "$0" in
-  *cmp) prog=cmp ; comp=${CMP-cmp}   ;;
-  *)    prog=diff; comp=${DIFF-diff} ;;
+  *cmp) prog=cmp ; cmp='${CMP-cmp}'  ;;
+  *)    prog=diff; cmp='${DIFF-diff}';;
 esac

 version="z$prog (gzip) @VERSION@
@@ -32,50 +32,72 @@ OPTIONs are the same as for '$prog'.

 Report bugs to <bug-gzip@gnu.org>."

-OPTIONS=
 FILES=
 while :; do
   case $1 in
   --h*) echo "$usage" || exit 2; exit;;
   --v*) echo "$version" || exit 2; exit;;
   --) shift; break;;
-  -*) OPTIONS="$OPTIONS $ARG"; shift;;
+  -*\'*) echo >&2 "$prog: $1: option contains apostrophe"; exit 2;;
+  -?*) cmp="$cmp '$1'"; shift;;
+  *) break;;
   esac
 done
+cmp="$cmp --"
+
 for file; do
-  test -f "$file" || {
-    echo "$prog: $file not found or not a regular file"
-    exit 2
-  }
+  test "X$file" = X- || <"$file" || exit 2
 done
-if test $# -eq 1; then
-	FILE=`echo "$1" | sed 's/[-.][zZtga]*$//'`
-	gzip -cd -- "$1" | $comp $OPTIONS - "$FILE"

+if test $# -eq 1; then
+  case $1 in
+  *[-.]gz* | *[-.][zZ] | *.t[ga]z)
+    FILE=`expr "X$1" : 'X\(.*\)[-.][zZtga]*$'`
+    gzip -cd -- "$1" | eval "$cmp" - '"$FILE"';;
+  *)
+    echo >&2 "$prog: $1: unknown compressed file extension"
+    exit 2;;
+  esac
 elif test $# -eq 2; then
 	case "$1" in
-        *[-.]gz* | *[-.][zZ] | *.t[ga]z)
+	*[-.]gz* | *[-.][zZ] | *.t[ga]z | -)
                 case "$2" in
-	        *[-.]gz* | *[-.][zZ] | *.t[ga]z)
-			F=`echo "$2" | sed 's|.*/||;s|[-.][zZtga]*||'`
-			set -C
-			trap 'rm -f /tmp/"$F".$$; exit 2' HUP INT PIPE TERM 0
-			gzip -cdfq -- "$2" > /tmp/"$F".$$ || exit
-			gzip -cdfq -- "$1" | $comp $OPTIONS - /tmp/"$F".$$
+		*[-.]gz* | *[-.][zZ] | *.t[ga]z | -)
+		    if test "$1$2" = --; then
+			gzip -cdfq - | eval "$cmp" - -
+		    elif test -r /dev/fd/3 3</dev/null; then
+			gzip -cdfq -- "$1" |
+			  (gzip -cdfq -- "$2" |
+			   eval "$cmp" /dev/fd/3 -) 3<&0
+		    else
+			F=`expr "/$2" : '.*/\(.*\)[-.][zZtga]*$'` || F=$prog
+			tmp=
+			trap '
+			  test -n "$tmp" && rm -f "$tmp"
+			  (exit 2); exit 2
+			' HUP INT PIPE TERM 0
+			if type mktemp >/dev/null 2>&1; then
+			  tmp=`mktemp -t -- "$F.XXXXXX"` || exit
+			else
+			  set -C
+			  tmp=${TMPDIR-/tmp}/$F.$$
+			fi
+			gzip -cdfq -- "$2" > "$tmp" || exit
+			gzip -cdfq -- "$1" | eval "$cmp" - '"$tmp"'
                         STAT="$?"
-			/bin/rm -f /tmp/"$F".$$ || STAT=2
+			rm -f "$tmp" || STAT=2
 			trap - HUP INT PIPE TERM 0
-			exit $STAT;;
-
-		*)      gzip -cdfq -- "$1" | $comp $OPTIONS - "$2";;
+			exit $STAT
+		    fi;;
+		*)	gzip -cdfq -- "$1" | eval "$cmp" - '"$2"';;
                 esac;;
         *)      case "$2" in
-	        *[-.]gz* | *[-.][zZ] | *.t[ga]z)
-			gzip -cdfq -- "$2" | $comp $OPTIONS "$1" -;;
-                *)      $comp $OPTIONS "$1" "$2";;
+		*[-.]gz* | *[-.][zZ] | *.t[ga]z | -)
+			gzip -cdfq -- "$2" | eval "$cmp" '"$1"' -;;
+		*)	eval "$cmp" '"$1"' '"$2"';;
                 esac;;
 	esac
 else
-	echo "$usage"
+	echo >&2 "$usage"
 	exit 2
 fi
--- Makefile.am	15 Dec 2006 08:25:02 -0000	1.17
+++ Makefile.am	24 Dec 2006 04:13:56 -0000
@@ -48,6 +48,9 @@ gzip_LDADD = lib/libgzip.a
 gzip.doc: gzip.1
 	groff -man -Tascii $(srcdir)/gzip.1 | col -b | uniq >$@

+gzip.doc.gz: gzip.doc
+	gzip <$? >$@
+
 SUFFIXES = .in
 .in:
 	sed \
@@ -60,7 +63,12 @@ SUFFIXES = .in
 # A simple test, just of gzip -- more of a sanity check than anything else.
 FILES_TO_CHECK = $(bin_SCRIPTS) $(gzip_LDADD) \
   $(top_srcdir)/ChangeLog $(top_srcdir)/configure $(top_srcdir)/gzip.c
-check-local: $(FILES_TO_CHECK)
+check-local: $(FILES_TO_CHECK) gzip.doc.gz
+	./zdiff -c gzip.doc.gz
+	./zdiff -c gzip.doc gzip.doc
+	./zdiff gzip.doc gzip.doc.gz
+	./zdiff -c - gzip.doc <gzip.doc.gz
+	./zdiff -c gzip.doc.gz gzip.doc.gz
 	for file in $(FILES_TO_CHECK); do \
 	  ./gzip -cv -- "$$file" | ./gzip -d | cmp - "$$file" || exit; \
 	done
@@ -96,7 +104,7 @@ install-exec-hook remove-installed-links

 uninstall-local: remove-installed-links

-MAINTAINERCLEANFILES = gzip.doc
+MAINTAINERCLEANFILES = gzip.doc gzip.doc.gz

 MOSTLYCLEANFILES = _match.i match_.s _match.S \
   gzexe zdiff zforce zgrep zless zmore znew



Information forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#404114; Package gzip. Full text and rfc822 format available.

Acknowledgement sent to Paul Eggert <eggert@CS.UCLA.EDU>:
Extra info received and forwarded to list. Copy sent to Bdale Garbee <bdale@gag.com>. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#404114; Package gzip. Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
Extra info received and forwarded to list. Copy sent to Bdale Garbee <bdale@gag.com>. Full text and rfc822 format available.

Message #27 received at 404114@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: Paul Eggert <eggert@CS.UCLA.EDU>
Cc: 404114@bugs.debian.org, bug-gzip@gnu.org
Subject: Re: Bug#404114: gzip: [zdiff] Infine loop in "while : do .. case $1 esac done"
Date: Wed, 27 Dec 2006 10:49:49 +0200
Paul Eggert <eggert@CS.UCLA.EDU> writes:

> Thanks for reporting that.  zdiff really is a can of worms.
> Can you please try this patch?  I installed it into the main CVS for gzip.
>
> 2006-12-23  Paul Eggert  <eggert@cs.ucla.edu>
>
> 	* zdiff.in: Fix typo that broke most usages.  Problem reported by
> 	Jari Aalto in <http://bugs.debian.org/404114>.  While we're at it,
> 	fix a bunch of other problems.  Handle "-" better.  Send
> 	diagnostics to stderr, not stdout.  Use expr rather than echo |
> 	sed, to handle special characters better.  Report a diagnostic in
> 	the 1-arg case, if the argument doesn't end in .gz or the like,
> 	rather than having incomprehensible behavior.  Do not require that
> 	the inputs be regular files.  Avoid creating a temporary entirely,
> 	if /dev/fd works.  If not, then resist denial-of-service attacks
> 	better, by using mktemp.
> 	* Makefile.am (gzip.doc.gz): New rule.
> 	(check-local): Depend on it, and test zdiff for Debian bug 404114.

Confirmed. This fixes the bug; compiled from CVS.

Jari




Reply sent to Bdale Garbee <bdale@gag.com>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Jari Aalto <jari.aalto@cante.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #32 received at 404114-close@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: 404114-close@bugs.debian.org
Subject: Bug#404114: fixed in gzip 1.3.12-1
Date: Wed, 13 Jun 2007 23:02:06 +0000
Source: gzip
Source-Version: 1.3.12-1

We believe that the bug you reported is fixed in the latest version of
gzip, which is due to be installed in the Debian FTP archive:

gzip_1.3.12-1.diff.gz
  to pool/main/g/gzip/gzip_1.3.12-1.diff.gz
gzip_1.3.12-1.dsc
  to pool/main/g/gzip/gzip_1.3.12-1.dsc
gzip_1.3.12-1_i386.deb
  to pool/main/g/gzip/gzip_1.3.12-1_i386.deb
gzip_1.3.12.orig.tar.gz
  to pool/main/g/gzip/gzip_1.3.12.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 404114@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated gzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 13 Jun 2007 18:55:42 -0400
Source: gzip
Binary: gzip
Architecture: source i386
Version: 1.3.12-1
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 gzip       - The GNU compression utility
Closes: 177942 225864 362786 366660 367400 383358 402042 404062 404099 404114 419895
Changes: 
 gzip (1.3.12-1) unstable; urgency=low
 .
   * new upstream version, closes: #177942, #225864, #362786, #366660, #367400,
     #383358, #402042, #404099, #404114, #419895
   * fix delivery of upstream ChangeLog, closes: #404062
Files: 
 d33a83601c01806bf7117e92ad49cf94 553 utils required gzip_1.3.12-1.dsc
 b5bac2d21840ae077e0217bc5e4845b1 462169 utils required gzip_1.3.12.orig.tar.gz
 ee3961eed29e786f60c13533b0836cf0 11721 utils required gzip_1.3.12-1.diff.gz
 b99c1f2c598ee0ab2a3bedbc0674ec63 101672 utils required gzip_1.3.12-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGcHZKZKfAp/LPAagRAp1hAJ9RoVn9dZDF1ma/+wiolZjixO46sQCeIdX+
yca5Z77H6gKKoLCCGfFHjKk=
=BHHf
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 13 Jul 2007 07:32:36 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 22:09:25 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.