Review Request 122579: Stop failing on ZIP files with redundant data descriptors

Friedrich W. H. Kossebau kossebau at kde.org
Sun Feb 15 18:22:30 UTC 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/122579/
-----------------------------------------------------------

Review request for KDE Frameworks and David Faure.


Repository: karchive


Description
-------

Currently the parsing code of KZip assumes that there are only data descriptors behind the file data if bit 3 of the general purpose bit flag in the local file header is set. But, the spec does not forbid the data descriptors also to be used when that bit is not set, see the "SHOULD" (not "MUST") in 4.3.9.1 of the ZIP spec (https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT):

      4.3.9.1 This descriptor MUST exist if bit 3 of the general
      purpose bit flag is set (see below).  It is byte aligned
      and immediately follows the last byte of compressed data.
      This descriptor SHOULD be used only when it was not possible to
      seek in the output .ZIP file, e.g., when the output .ZIP file
      was standard output or a non-seekable device.  For ZIP64(tm) format
      archives, the compressed and uncompressed sizes are 8 bytes each.

This patch fixes that by testing for a data descriptor behind the file data. It tests both for data descriptors with and without the PK78 signature, as 4.3.9.3 of the ZIP spec recommends it:

      4.3.9.3 Although not originally assigned a signature, the value 
      0x08074b50 has commonly been adopted as a signature value 
      for the data descriptor record.  Implementers should be 
      aware that ZIP files may be encountered with or without this 
      signature marking data descriptors and SHOULD account for
      either case when reading ZIP files to ensure compatibility.

The patch also comes with a unit test and two files where such redundant data descriptors are used, once with and once without signature (hand crafted, using "zip" and Okteta :) ).

Motivation:
Currently Calligra Words cannot open ODT files as created by the ODT export of DokuWiki, while at least LibreOffice can and also all the zip tools have no problem with the file. You can create such ODT files e.g. on http://plugtest.opendocsociety.org/

I have also started to prepare a patch against kdelibs 4.14 and will complete it, once this RR has passed review.


Diffs
-----

  autotests/karchivetest.h 8c4f980 
  autotests/karchivetest.cpp 4dc016e 
  src/kzip.cpp fd9a5e0 
  autotests/data/redundantDataDescriptorsNoSignature.zip PRE-CREATION 
  autotests/data/redundantDataDescriptorsWithSignature.zip PRE-CREATION 

Diff: https://git.reviewboard.kde.org/r/122579/diff/


Testing
-------

All KArchive tests pass, Calligra can load the ODT files created by DokuWiki and still other ODT files.


Thanks,

Friedrich W. H. Kossebau

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20150215/ed3c1096/attachment.html>


More information about the Kde-frameworks-devel mailing list