Closed bayrinat closed 6 years ago
cavaliercoder
commented
6 years ago 16 bytes is the length of an Index structure. The point of that line is to check for corruption and exit early. There's a chance your file is corrupted.
Can you read the file in any other RPM implementation (maybe rpm -qip <file>)? If so, can you please share it with us so we can fix this?
bayrinat
commented
6 years ago Sure, try it. It self-builded empty rpm by rpmbuild without any requires. rpm -qip works fine.
test_rpm.gz
cavaliercoder
commented
6 years ago Thanks, I can replicate the same issue with your package. I'll try to fix.
rpromyshlennikov
commented
6 years ago Hi Ryan(@cavaliercoder ) and Rinat(@bayrinat),
I've dived into RPM internals for several days and can say with full confidence, that header length describes length of data section withOUT index section itself and we cannot statically check it at the point where this check is at the moment.
So, from my point of view there are 3 options:
h.IndexCount*r_IndexHeaderLength > r_MaxHeaderSize, because it is the only one thing that we know on this step on one hundred percent;currDataSize += currIndexValueSize; currentDataSize + h.IndexCount*r_IndexHeaderLength < r_MaxHeaderSize, but this check will duplicate "out of index" offset check (it exists on every index value extraction).I propose the second one.
Ryan, which approach do you prefer, if you agree with me, could I send you a PR?
rpromyshlennikov
commented
6 years ago After #12 is merged and closed, I think this issue is solved.
cavaliercoder
commented
6 years ago After merging @rpromyshlennikov 's PR #12, I've confirmed that test_rpm provided by @bayrinat
now reads correctly with this library! Thanks team.
https://github.com/cavaliercoder/go-rpm/blob/master/header.go#L105
Why did you use exactly 16? I have one file that fails on this checking and I have no idea how to fix it.