Bug#612675: libkio5: KTar class have broken UTF-8 support (longlink)
Package: libkio5
Version: 4:4.4.5-3.1
Severity: grave
Tags: patch
Justification: causes non-serious data loss
I tried to create tar by KBackup program and found
truncated names of my files in .tar. KBackup uses
KTar class for writing tar files and that class
have broken UTF-8 support, it seems.
First, tar archives have to use "longlink trick" to
store names longer than 100 bytes. KTar class has
functions implementing longlink, but they check name
length in _characters_, not in bytes. For non-ASCII
characters in UTF-8 length of string in bytes and
length in characters do not match. In my case file
had character-length less than 100 and byte-length
greater than 100, so name simply truncated. Such
behavior can be observed on non-ASCII UTF-8 or any
other multibyte encoding. If file name is very long,
resulting .tar may become unreadable.
Second, calculation of 'chksum' field of tar header also
broken: 'buffer' array defined as char, a signed number,
while in tar sources chksum obtained as sum of unsigned
values (actually there is the trick for (unsigned char)
emulate, converting to integer and then logical and with
0xFF). May be bad checksum was reason for unreadable .tar.
In the following patch you'll find a fix for this bug.
diff -ru kde4libs-4.4.5.orig/kio/kio/ktar.cpp kde4libs-4.4.5/kio/kio/ktar.cpp
--- kde4libs-4.4.5.orig/kio/kio/ktar.cpp 2010-02-26 21:30:10.000000000 +0300
+++ kde4libs-4.4.5/kio/kio/ktar.cpp 2011-02-09 17:43:33.084041001 +0300
@@ -661,7 +661,7 @@
// Header check sum
int check = 32;
for( uint j = 0; j < 0x200; ++j )
- check += buffer[j];
+ check += (unsigned char)buffer[j];
s = QByteArray::number( check, 8 ); // octal
s = s.rightJustified( 6, '0' );
memcpy( buffer + 0x94, s.constData(), 6 );
@@ -733,7 +733,7 @@
const QByteArray gname = group.toLocal8Bit();
// If more than 100 chars, we need to use the LongLink trick
- if ( fileName.length() > 99 )
+ if ( encodedFileName.length() > 99 )
d->writeLonglink(buffer,encodedFileName,'L',uname,gname);
// Write (potentially truncated) name
@@ -786,7 +786,7 @@
QByteArray gname = group.toLocal8Bit();
// If more than 100 chars, we need to use the LongLink trick
- if ( dirName.length() > 99 )
+ if ( encodedDirname.length() > 99 )
d->writeLonglink(buffer,encodedDirname,'L',uname,gname);
// Write (potentially truncated) name
@@ -838,9 +838,9 @@
QByteArray gname = group.toLocal8Bit();
// If more than 100 chars, we need to use the LongLink trick
- if (target.length() > 99)
+ if (encodedTarget.length() > 99)
d->writeLonglink(buffer,encodedTarget,'K',uname,gname);
- if ( fileName.length() > 99 )
+ if ( encodedFileName.length() > 99 )
d->writeLonglink(buffer,encodedFileName,'L',uname,gname);
// Write (potentially truncated) name
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.37-rc5 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libkio5 depends on:
ii libacl1 2.2.49-4 Access control list shared library
ii libattr1 1:2.4.44-2 Extended attribute shared library
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libgamin0 [libfam0] 0.1.10-2+b1 Client library for the gamin file
ii libgcc1 1:4.4.5-8 GCC support library
ii libkdecore5 4:4.4.5-3.1 the KDE Platform Core Library
ii libkdeui5 4:4.4.5-3.1 the KDE Platform User Interface Li
ii libqt4-dbus 4:4.6.3-4 Qt 4 D-Bus module
ii libqt4-network 4:4.6.3-4 Qt 4 network module
ii libqt4-svg 4:4.6.3-4 Qt 4 SVG module
ii libqt4-xml 4:4.6.3-4 Qt 4 XML module
ii libqtcore4 4:4.6.3-4 Qt 4 core module
ii libqtgui4 4:4.6.3-4 Qt 4 GUI module
ii libsolid4 4:4.4.5-3.1 Solid Library for KDE Platform
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii libstreamanalyzer0 0.7.2-1+b1 streamanalyzer library for Strigi
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages libkio5 recommends:
ii kdelibs5-plugins 4:4.4.5-3.1 core plugins for KDE Applications
libkio5 suggests no packages.
-- no debconf information
Reply to: