libminizip1 (1.1-8build1) does not write the correct number of files in the zip header if number of files > 0xFFFF and file size < 4gb
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
minizip (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
If more than 0xFFFF files are written using the minizip library and the file size is less than 4gb (32-bit limit) the 64-bit zip central directory record is not written and the correct number of files is not written in the header (truncated at 0xFFFF). The default latest 'unzip' package in Ubuntu 22.04 and 20.04 will extract all the files but print a confusing error if -q (quiet parameter) is passed to it:
"error: expected central file header signature not found (file #%lu).\n"
"(please check that you have transferred or created the zipfile in the\n"
" appropriate BINARY mode and that you have compiled UnZip properly)"
unzip will also return 3 indicating an error.
A simple fix is provided in this patch:
--- minizip-1.1/zip.c 2010-02-14 23:59:40.000000000 -0500
+++ minizip-1.1.1/zip.c 2022-07-27 15:25:47.146666009 -0400
@@ -1919,7 +1919,7 @@ extern int ZEXPORT zipClose (zipFile fil
free_
pos = centraldir_
- if(pos >= 0xffffffff)
+ if(pos >= 0xffffffff || zi->number_entry > 0xFFFF)
{
ZPOS64_T Zip64EOCDpos = ZTELL64(
summary: |
- libminizip1 (1.1-8build1) does not write the correct number of files if - number of files > 0xFFFF and file size < 4gb + libminizip1 (1.1-8build1) does not write the correct number of files in + the zip header if number of files > 0xFFFF and file size < 4gb |
Attached is the patch for zip.c.