
PKZIP 1.10, major bug ???


Mark Adler

Sep 24, 1992, 11:23:09 AM

Yep, sure looks like a bug to me. It is a bug in PKZIP as opposed to
PKUNZIP, since the file also fails to extract using Info-zip's unzip.
(As a historical note, PKUNZIP has many undocumented restrictions that
one would call bugs, were it not for the fact that PKZIP also obeys
these restrictions. This relegates them to bugs in appnote.txt.)

Looking at what unzip extracts compared to what it should extract, it
appears that PKZIP 1.1 has noticed that 09111... has appeared before,
but it gets replaced with just 11111..., so the pointer back in the
text has missed, probably two characters forward.

Mark Adler
mad...@cco.caltech.edu
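
Added example, not part of the original posts: a toy LZ77-style decoder (not the actual Implode bitstream) showing how a compressor that emits a back-pointer two bytes too short turns "09111..." into "11111...", and how the stored CRC-32 exposes it at extraction. The sample text, token layout and function names are constructed for illustration.

```python
import zlib

# Constructed sample; only the "09111..." -> "11111..." symptom comes from the thread.
ORIGINAL = b"a 0911111111 b 0911111111 c"
STORED_CRC = zlib.crc32(ORIGINAL)  # ZIP stores the CRC-32 of the uncompressed input

# Toy tokens: bytes = literal run, (distance, length) = copy from earlier output.
GOOD_TOKENS = [b"a 0911111111 b ", (13, 8), b"11 c"]
BAD_TOKENS = [b"a 0911111111 b ", (11, 8), b"11 c"]  # pointer lands 2 bytes forward


def lz77_decode(tokens):
    """Expand literals and back-references exactly as written in the stream."""
    out = bytearray()
    for tok in tokens:
        if isinstance(tok, bytes):
            out += tok
            continue
        distance, length = tok
        if not 0 < distance <= len(out):
            raise ValueError("back-reference points outside the decoded data")
        for _ in range(length):  # byte-wise so overlapping copies also work
            out.append(out[-distance])
    return bytes(out)


def extract(tokens, stored_crc):
    """Return (data, crc_ok), the check an extractor performs after decoding."""
    data = lz77_decode(tokens)
    return data, zlib.crc32(data) == stored_crc


def first_mismatch(expected, actual):
    """Offset of the first differing byte, or None if the buffers are equal."""
    if expected == actual:
        return None
    for i, (x, y) in enumerate(zip(expected, actual)):
        if x != y:
            return i
    return min(len(expected), len(actual))


if __name__ == "__main__":
    for name, tokens in (("good", GOOD_TOKENS), ("bad", BAD_TOKENS)):
        data, ok = extract(tokens, STORED_CRC)
        print(name, data, "CRC ok" if ok else "CRC error",
              first_mismatch(ORIGINAL, data))
```

A correct decoder reproduces the bad stream faithfully, so every independent extractor fails the same CRC check on it; the damage was fixed in place when the stream was written.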

Timo Salmi

Sep 24, 1992, 4:20:33 PM
In article <30...@accucx.cc.ruu.nl> nev...@accucx.cc.ruu.nl (Nico E de Vries) writes:
>The file in the included archive is not processed properly by
>PKZIP 1.10. It does not explode to the correct file (damage).
:

Have you reported to PKWare? If you wish to, their email address
can be found in
13567 Aug 5 15:12 garbo.uwasa.fi:/pc/pd2/author10.zip

..................................................................
Prof. Timo Salmi
Moderating at garbo.uwasa.fi anonymous FTP archives 128.214.87.1
Faculty of Accounting & Industrial Management; University of Vaasa
Internet: t...@uwasa.fi Bitnet: salmi@finfun ; SF-65101, Finland

Nico E de Vries

Sep 25, 1992, 9:06:48 AM
In <1992Sep24.2...@uwasa.fi> t...@uwasa.fi (Timo Salmi) writes:

>>The file in the included archive is not processed properly by
>>PKZIP 1.10. It does not explode to the correct file (damage).
>Have you reported to PKWare? If you wish to, their email address
>can be found in

>...

PKWARE SHOULD know about the problem. The archived file is just an example
of a file causing problems. Postscript files in general seem to trigger
the bug. It has been reported to PKWARE before but as far as I know they
have always denied the bug exists. I presume they will get the file from
R.E.M. as well and I hope they stop claiming PKZIP is errorless and do
something about it. Their algorithm seems to be mathematically verified
so the implementation must be the problem.

>Prof. Timo Salmi

Nico E. de Vries
_ _
O O USENET nev...@cc.ruu.nl This text reflects MY opinions, nothing else.
o This text is supplied 'AS IS', no warranties of any kind apply.
\_/ Don't waste your time on complaining about my hopeless typostyle.

Nico E de Vries

Sep 25, 1992, 9:10:16 AM

>Yep, sure looks like a bug to me. It is a bug in PKZIP as opposed to
>PKUNZIP, since the file also fails to extract using Info-zip's unzip.

Or the bug is in unzip as well :-). But seriously, PKZIP is indeed the
problem. I heard BTW postscript files tend to trigger the bug.

>...


>Looking at what unzip extracts compared to what it should extract, it
>appears that PKZIP 1.1 has noticed that 09111... has appeared before,
>but it gets replaced with just 11111..., so the pointer back in the
>text has missed, probably two characters forward.

Might be some buffer overwrite in the compressor (PKZIP has more buffer
problems although they claim they are motherboard related). PKZIP 2.0
will probably not have bugs like these any more, they must be spending
all that time on something.

>Mark Adler

Vesselin Bontchev

Sep 25, 1992, 12:44:31 PM
nev...@accucx.cc.ruu.nl (Nico E de Vries) writes:

> >Yep, sure looks like a bug to me. It is a bug in PKZIP as opposed to
> >PKUNZIP, since the file also fails to extract using Info-zip's unzip.

> Or the bug is in unzip as well :-).

I noticed the smiley, but nevertheless, here is some serious reply
(boring, boring): No, the bug is not in unzip. I have tried to
uncompress the archive with PAK 2.51 too, and it too gave CRC errors.
Therefore, the compressed image is buggy.

BTW, PKUNZIP has a minor bug in the user interface. You cannot
concatenate the 't' and the 's' options, when testing the integrity of
a passworded archive. That is,

pkunzip -t -spassword archive.zip

works fine, but

pkunzip -tspassword archive.zip

doesn't. What it does is to ignore the '-s' option!

Regards,
Vesselin
--
Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
< PGP 2.0 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bont...@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany

Mark Adler

Sep 25, 1992, 3:25:34 PM

Nico suggests with a smiley:

>> Or the bug is in unzip as well :-).

Tain't no such thing. Not in *our* unzip anyway. :-) :-) :-) :-)

mark

Glauber

Sep 28, 1992, 9:29:19 AM

The bug is in PKZIP, for one simple reason: zip 1.0 implodes
the same file, and it then explodes well with both unzip and
pkunzip. PKZIP can't implode the file. So the problem is not
the algorithm, and it is not the decompression. It is the
PKZIP code.

BTW, very interesting bug. Looks like a buffer overflow to me.

Glauber

--
Glauber Ribeiro - Wheaton College, IL (USA)
gla...@david.wheaton.edu
gla...@vpnet.chi.il.us
