Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CFE_FS_Decompress infinite loop on truncated gzip file #298

Closed
skliper opened this issue Sep 30, 2019 · 4 comments · Fixed by #367
Closed

CFE_FS_Decompress infinite loop on truncated gzip file #298

skliper opened this issue Sep 30, 2019 · 4 comments · Fixed by #367
Labels
bug
Milestone
Bootes

Comments

@skliper
Copy link
Contributor

skliper commented Sep 30, 2019

If CFS_FS_Decompress is given a truncated gzip file, it will enter an infinite loop in which it attempts to read more data from the file, gets nothing, and tries again. Discovered by accidentally attempting to have ES load a new compressed application (which we didn't know had been truncated), which led to ES getting stuck and an eventual watchdog reset.

The problem seems to be that running out of bytes in a gzipped file before decompression is finished is not considered an error. I can see how this might be intentional if it is expected that the file handle might be a stream that could present data after being emptied, but for the normal file use case I think it is a bug. Suggested fix by combining the two checks at line 309 of cfe_fs_decompress.c:

if ( State->insize == 0 ) return EOF;

if ( len == OS_FS_ERROR )
{
State->Error = CFE_FS_GZIP_READ_ERROR;
return EOF;
}

into one:

if ((State->insize == 0) !|| (len == OS_FS_ERROR)) {
State->Error = CFE_FS_GZIP_READ_ERROR;
return EOF;
}

Recommend investigation if insize might temporarily hit 0 during a normal decompression.

Reported via email from Mike Stewart, [email protected]
@skliper skliper added this to the 6.7.1 milestone Sep 30, 2019
@skliper skliper self-assigned this Sep 30, 2019
@skliper skliper added the bug label Sep 30, 2019
@skliper
Copy link
Contributor Author

skliper commented Sep 30, 2019

Imported from trac issue 267. Created by jhageman on 2019-03-26T11:07:06, last modified: 2019-07-03T12:48:08

@skliper
Copy link
Contributor Author

skliper commented Sep 30, 2019

Trac comment by jhageman on 2019-07-03 12:48:08:

Moved unfinished 6.6.1 issues to next minor release

@skliper skliper removed their assignment Sep 30, 2019
@skliper skliper modified the milestones: 6.7.1, 6.7.0, 6.8.0 Sep 30, 2019
@thewonderidiot
Copy link

Hi, Mike here! I can't send the file that originally caused this problem for us (EAR...) but I've made another one that causes the same issue. Starting with this image:
corgi

If I compress and the truncate the image as follows:

gzip corgi.jpg
dd if=corgi.jpg.gz of=corgi2.jpg.gz bs=2048 count=1

This gives me this file: corgi2.jpg.gz

If I uplink this to our flight computer and then try to extract it via FM_DECOMPRESS, ES_START_APP, etc., whatever app tries to do the decompression gets stuck in an infinite loop.

Let me know if this file is able to reproduce it for you!

@avan989 avan989 mentioned this issue Oct 7, 2019
Merged
@skliper skliper mentioned this issue Oct 8, 2019
Closed
@skliper skliper removed this from the 6.8.0 milestone May 12, 2020
@skliper
Copy link
Contributor Author

skliper commented May 12, 2020
edited
Loading

Edit... fixed in #367

@skliper skliper removed the wontfix label May 12, 2020
@skliper skliper added this to the 6.8.0 milestone May 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
Bootes
Development

Successfully merging a pull request may close this issue.

Fix #298, fix infinite loop when gz file is truncated
2 participants
@thewonderidiot @skliper