From: hsbt@... Date: 2019-07-30T09:43:35+00:00 Subject: [ruby-core:94047] [Ruby master Bug#9529] TarHeader (Gem::Package) doesn't parse size correctly for +8GB entries Issue #9529 has been updated by hsbt (Hiroshi SHIBATA). Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN) Assignee changed from drbrain (Eric Hodel) to hsbt (Hiroshi SHIBATA) Status changed from Assigned to Third Party's Issue I'm not sure what usecase of this issue. Can you file the details into the upstream repository? https://github.com/rubygems/rubygems Thanks. ---------------------------------------- Bug #9529: TarHeader (Gem::Package) doesn't parse size correctly for +8GB entries https://bugs.ruby-lang.org/issues/9529#change-80275 * Author: eranhirsch (Eran Hirsch) * Status: Third Party's Issue * Priority: Normal * Assignee: hsbt (Hiroshi SHIBATA) * Target version: * ruby -v: ruby 1.9.3p448 (2013-06-27 revision 41675) [x86_64-darwin13.0.0] * Backport: ---------------------------------------- * The current TAR header parsing code assumes the size is represented as an octal string * Because this is a 12-byte, null-terminated field, effectively this can represent up to 8GB (8^11). * For bigger files the standard allows to define the field as a 12-byte INTEGER instead. * When using this form, the first bit of the field should be turned on to signal that it is used. Currently, TAR files containing files larger then 8GB in this format would fail parsing because size would be computed as 0. (Wiki with some description of the logic, couldn't find a more "formal" document: http://en.wikipedia.org/wiki/Tar_(computing)#File_header) The problem is with this code: http://yard.ruby-doc.org/stdlib-2.1.0/Gem/Package/TarHeader.html#from-class_method The line that assigns the value to size should be conditioned on the value of the first bit, and should treat the two cases differently -- https://bugs.ruby-lang.org/ Unsubscribe: