Bug#857975: strip-nondeterminism: endless loop while stripping ar files

Thu Mar 16 19:50:22 UTC 2017

Package: strip-nondeterminism
Version: 0.031-1
Severity: important

It is possible to trigger an endless loop while stripping ar files which
contain an illegal file size.

How to reproduce:

echo H4sICHfpylgCA3Rlc3QuYQBTtEksSs6w49JXQAUGGGwIaWZiA\
qZ1zWAqErgAcKtfFkQAAAA= | base64 -d | gzip -d > loop.a
strip-nondeterminism loop.a

See this patch for a possible solution:

diff --git a/lib/File/StripNondeterminism/handlers/ar.pm b/lib/File/StripNondeterminism/handlers/ar.pm
index 660fa8f..a71307a 100644
--- a/lib/File/StripNondeterminism/handlers/ar.pm
+++ b/lib/File/StripNondeterminism/handlers/ar.pm
@@ -67,6 +67,8 @@ sub normalize {
 		my $file_size = substr($buf, 48, 10);
 		seek $fh, $file_header_start + 16, SEEK_SET;
 
+		die "Incorrect file size" if $file_size < 1;
+
 		# mtime
 		syswrite $fh,
 		  sprintf("%-12d", $File::StripNondeterminism::canonical_time // 0);

