Review Request 122579: Stop failing on ZIP files with redundant data descriptors

David Faure faure at kde.org
Mon Feb 16 07:15:55 UTC 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/122579/#review76100
-----------------------------------------------------------

Ship it!


Thanks :-)

- David Faure


On Feb. 16, 2015, midnight, Friedrich W. H. Kossebau wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/122579/
> -----------------------------------------------------------
> 
> (Updated Feb. 16, 2015, midnight)
> 
> 
> Review request for KDE Frameworks and David Faure.
> 
> 
> Repository: karchive
> 
> 
> Description
> -------
> 
> Currently the parsing code of KZip assumes that there are only data descriptors behind the file data if bit 3 of the general purpose bit flag in the local file header is set. But, the spec does not forbid the data descriptors also to be used when that bit is not set, see the "SHOULD" (not "MUST") in 4.3.9.1 of the ZIP spec (https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT):
> 
>       4.3.9.1 This descriptor MUST exist if bit 3 of the general
>       purpose bit flag is set (see below).  It is byte aligned
>       and immediately follows the last byte of compressed data.
>       This descriptor SHOULD be used only when it was not possible to
>       seek in the output .ZIP file, e.g., when the output .ZIP file
>       was standard output or a non-seekable device.  For ZIP64(tm) format
>       archives, the compressed and uncompressed sizes are 8 bytes each.
> 
> This patch fixes that by testing for a data descriptor behind the file data. It tests both for data descriptors with and without the PK78 signature, as 4.3.9.3 of the ZIP spec recommends it:
> 
>       4.3.9.3 Although not originally assigned a signature, the value 
>       0x08074b50 has commonly been adopted as a signature value 
>       for the data descriptor record.  Implementers should be 
>       aware that ZIP files may be encountered with or without this 
>       signature marking data descriptors and SHOULD account for
>       either case when reading ZIP files to ensure compatibility.
> 
> The patch also comes with a unit test and two files where such redundant data descriptors are used, once with and once without signature (hand crafted, using "zip" and Okteta :) ).
> 
> Motivation:
> Currently Calligra Words cannot open ODT files as created by the ODT export of DokuWiki, while at least LibreOffice can and also all the zip tools have no problem with the file. You can create such ODT files e.g. on http://plugtest.opendocsociety.org/
> 
> I have also started to prepare a patch against kdelibs 4.14 and will complete it, once this RR has passed review.
> 
> 
> Diffs
> -----
> 
>   autotests/data/redundantDataDescriptorsNoSignature.zip PRE-CREATION 
>   autotests/data/redundantDataDescriptorsWithSignature.zip PRE-CREATION 
>   autotests/karchivetest.h 8c4f980 
>   autotests/karchivetest.cpp 4dc016e 
>   src/kzip.cpp fd9a5e0 
> 
> Diff: https://git.reviewboard.kde.org/r/122579/diff/
> 
> 
> Testing
> -------
> 
> All KArchive tests pass, Calligra can load the ODT files created by DokuWiki and still other ODT files.
> 
> 
> Thanks,
> 
> Friedrich W. H. Kossebau
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20150216/ae28e595/attachment.html>


More information about the Kde-frameworks-devel mailing list