
ID: 0000426 | Project: file | Category: General | View Status: public | Last Update: 2023-03-05 20:01
Reporter: claudiu | Assigned To: christos
Priority: normal | Severity: minor | Reproducibility: always
Status: resolved | Resolution: fixed
OS: Ubuntu | OS Version: 20.04
Product Version: 5.44
Fixed in Version: 5.45
Summary: 0000426: Error "lhs/off overflow 4294967295 0" is printed to console
Description: When running "file" over files which are composed of only 0xff bytes (at least 6 bytes), I get the above error. For example:

{code}
$ ./file -m magic.mgc ff.bin
lhs/off overflow 4294967295 0
ff.bin: ISO-8859 text, with no line terminators
$ hexdump -C ff.bin
00000000 ff ff ff ff ff ff |......|
00000006
{code}

The error seems to be generated from the do_ops function:
{code}
file_private int
do_ops(struct magic *m, uint32_t *rv, intmax_t lhs, intmax_t off)
{
    intmax_t offset;
    // On purpose not INTMAX_MAX
    if (lhs >= UINT_MAX || lhs <= INT_MIN ||
        off >= UINT_MAX || off <= INT_MIN) {
        fprintf(stderr, "lhs/off overflow %jd %jd\n", lhs, off);
        return 1;
    }
{code}
, but my knowledge of libmagic is limited so I don't understand why this is a problem.

Aside from the error itself, I'm wondering why such errors are printed to the console, since this is part of the libmagic functionality...but of course, this is a separate issue.
Steps To Reproduce:
1. Create a file with only 0xff bytes:
{code}
$ printf "\xff\xff\xff\xff\xff\xff" > ff.bin
{code}
2. Run "file" on it:
{code}
$ ./file -m magic.mgc ff.bin
lhs/off overflow 4294967295 0
ff.bin: ISO-8859 text, with no line terminators
{code}
Additional Information: I first encountered this in a file from an ISO archive: https://mirror.netsite.dk/centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-DVD-2207-02.iso

The file location within the ISO is: CentOS-7-x86_64-DVD-2207-02.iso --> Packages/ecj-4.5.2-3.el7.x86_64.rpm --> ecj-4.5.2-3.el7.src.cpio.xz --> ecj-4.5.2-3.el7.src.cpio --> ./usr/share/java/ecj.jar --> org/eclipse/jdt/internal/compiler/parser/unicode/part2.rsc
Tags: bug

Activities

polluks

2023-02-20 13:32

reporter   ~0003896

workaround "2>/dev/null"

claudiu

2023-02-23 08:39

reporter   ~0003897

I've attached a patch that only prints those messages to stderr if the MAGIC_DEBUG flag is set. This seems to be the rule in the libmagic code, aside from some special cases (e.g. if CDF_DEBUG is defined).
softmagic.c.patch (3,506 bytes)   
--- src/softmagic.c	2023-02-12 19:23:21.000000000 +0200
+++ src/softmagic.c	2023-02-23 10:26:59.158016500 +0200
@@ -1456,16 +1456,19 @@
 }
 
 file_private int
-do_ops(struct magic *m, uint32_t *rv, intmax_t lhs, intmax_t off)
+do_ops(struct magic_set *ms, struct magic *m, uint32_t *rv, intmax_t lhs,
+	intmax_t off)
 {
 	intmax_t offset;
 	// On purpose not INTMAX_MAX
 	if (lhs >= UINT_MAX || lhs <= INT_MIN ||
 	    off >= UINT_MAX || off <= INT_MIN) {
-		fprintf(stderr, "lhs/off overflow %jd %jd\n", lhs, off);
+		if ((ms->flags & MAGIC_DEBUG) != 0) {
+			fprintf(stderr, "lhs/off overflow %jd %jd\n", lhs, off);
+		}
 		return 1;
 	}
-	   
+
 	if (off) {
 		switch (m->in_op & FILE_OPS_MASK) {
 		case FILE_OPAND:
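Review bot: The range check that the new `MAGIC_DEBUG` gate sits in is still documented only by `// On purpose not INTMAX_MAX`, which does not explain why a value equal to `UINT_MAX` (the 0xffffffff case from the report) is rejected, or that `return 1` makes every caller in the later hunks give up with `return 0`. Since `lhs` appears to be taken from the file being examined, I would state that next to the check, e.g. `/* lhs is derived from the examined file: anything outside (INT_MIN, UINT_MAX) cannot be used as a 32-bit offset, so fail quietly unless MAGIC_DEBUG is set */`. The body of do_ops continues past the end of this hunk.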
@@ -1498,7 +1501,9 @@
 	if (m->in_op & FILE_OPINVERSE)
 		offset = ~offset;
 	if (offset >= UINT_MAX) {
-		fprintf(stderr, "offset overflow %jd\n", offset);
+		if ((ms->flags & MAGIC_DEBUG) != 0) {
+			fprintf(stderr, "offset overflow %jd\n", offset);
+		}
 		return 1;
 	}
 	*rv = CAST(uint32_t, offset);
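Review bot: Only the upper bound is tested before `*rv = CAST(uint32_t, offset);`, so a negative `offset` is converted to a large unsigned value with no message, even under `MAGIC_DEBUG`. A negative result looks reachable, since the entry check accepts negative `lhs`/`off` above `INT_MIN` and `offset = ~offset` can flip the sign. If that wrap-around is relied on, a comment such as `/* negative offsets wrap on purpose; callers are expected to bounds-check *rv */` would make it explicit; if it is not, the guard could read `if (offset < 0 || offset >= UINT_MAX) {`. The arithmetic between the two hunks and the end of do_ops are outside this hunk, so this needs confirming against the full function.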
@@ -1702,25 +1707,25 @@
 		case FILE_BYTE:
 			if (OFFSET_OOB(nbytes, offset, 1))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,8,p->b), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,8,p->b), off))
 				return 0;
 			break;
 		case FILE_BESHORT:
 			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,16,BE16(p)), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,16,BE16(p)), off))
 				return 0;
 			break;
 		case FILE_LESHORT:
 			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,16,LE16(p)), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,16,LE16(p)), off))
 				return 0;
 			break;
 		case FILE_SHORT:
 			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,16,p->h), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,16,p->h), off))
 				return 0;
 			break;
 		case FILE_BELONG:
@@ -1730,7 +1735,7 @@
 			lhs = BE32(p);
 			if (in_type == FILE_BEID3)
 				lhs = cvt_id3(ms, CAST(uint32_t, lhs));
-			if (do_ops(m, &offset, SEXT(sgn,32,lhs), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,32,lhs), off))
 				return 0;
 			break;
 		case FILE_LELONG:
@@ -1740,37 +1745,37 @@
 			lhs = LE32(p);
 			if (in_type == FILE_LEID3)
 				lhs = cvt_id3(ms, CAST(uint32_t, lhs));
-			if (do_ops(m, &offset, SEXT(sgn,32,lhs), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,32,lhs), off))
 				return 0;
 			break;
 		case FILE_MELONG:
 			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,32,ME32(p)), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,32,ME32(p)), off))
 				return 0;
 			break;
 		case FILE_LONG:
 			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,32,p->l), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,32,p->l), off))
 				return 0;
 			break;
 		case FILE_LEQUAD:
 			if (OFFSET_OOB(nbytes, offset, 8))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,64,LE64(p)), off))	
+			if (do_ops(ms, m, &offset, SEXT(sgn,64,LE64(p)), off))
 				return 0;
 			break;
 		case FILE_BEQUAD:
 			if (OFFSET_OOB(nbytes, offset, 8))
 				return 0;
-			if (do_ops(m, &offset, SEXT(sgn,64,BE64(p)), off))
+			if (do_ops(ms, m, &offset, SEXT(sgn,64,BE64(p)), off))
 				return 0;
 			break;
 		case FILE_OCTAL:
 			if (OFFSET_OOB(nbytes, offset, m->vallen))
 				return 0;
-			if(do_ops(m, &offset,
+			if(do_ops(ms, m, &offset,
 			    SEXT(sgn,64,strtoull(p->s, NULL, 8)), off))
 				return 0;
 			break;

christos

2023-03-05 20:01

manager   ~0003906

Fixed to only print debugging with debug.

Issue History

Date Modified Username Field Change
2023-02-17 15:04 claudiu New Issue
2023-02-17 15:04 claudiu Tag Attached: bug
2023-02-20 13:32 polluks Note Added: 0003896
2023-02-23 08:39 claudiu Note Added: 0003897
2023-02-23 08:39 claudiu File Added: softmagic.c.patch
2023-03-05 20:00 christos Assigned To => christos
2023-03-05 20:00 christos Status new => assigned
2023-03-05 20:01 christos Status assigned => resolved
2023-03-05 20:01 christos Resolution open => fixed
2023-03-05 20:01 christos Fixed in Version => 5.45
2023-03-05 20:01 christos Note Added: 0003906