Ruby » Backport186

=begin
This issue was originally reported to One-Click Installer project by Jeremy Bopp:

http://rubyforge.org//tracker/?func=detail&atid=715&aid=26404&group_id=167

Description:

While extracting compressed entries from a ZIP archive, I came across a particular file entry which when read in using
a 4096 byte buffer which was then sent to be inflated would cause Zlib to raise a buffer error. This affects affects
versions 186-26, 186-27-rc1, and 186-27-rc2 of the One-Click Ruby installation but does not affect other builds of Ruby
I have tested:

ruby 1.8.7 (2008-08-11 patchlevel 72) [i386-cygwin]
ruby 1.8.7 (2008-08-11 patchlevel 72) [x86_64-linux]

I have not tried this test with other builds of Ruby version 1.8.6 to isolate whether or not this is a general error
for Ruby 1.8.6 or if this is specific to the One-Click Ruby Installer build. This appears to be a Zlib-specific defect.

I have attached a simple test case which reliably reproduces this error condition on the affected versions of Ruby.
This test case will try all possible buffer sizes for reading in the included compressed data file and will report all
buffer sizes which cause this error. In my testing the following output is printed over a range of buffer sizes from
1 to 4704 bytes on all affected versions of Ruby:

buffer error: buffer size: 1040 bytes
buffer error: buffer size: 4096 bytes
buffer error: buffer size: 4097 bytes

This indicates that buffer errors were generated when reading and subsequently inflating the first 1040, 4096, and 4097
bytes of the compressed data file. There should be no errors at all, and the zlib-test.rb script should simply exit
without any output.

Date: 2009-06-23 20:16
Sender: Luis Lavena

Hello Jeremy.

Thank you for reporting this.

Could you try the exact same issue with MinGW Based version of
Ruby?

You can download those from here:

http://rubyinstaller.org/downloads

All the current version of the installer are built against a
unknown version of Zlib and the ruby-zlib extension.

Since newer versions of the installer will be based on MinGW
(GCC), verifying that environment and creating a small test case
will be great of us to fix or forward this upstream to Ruby-Core.

Thank you.

Date: 2009-06-24 10:55
Sender: Jeremy Bopp

The testcase completed successfully with the following
MinGW-built versions located at the site you indicated:

ruby 1.8.6 (2009-03-31 patchlevel 368) [i386-mingw32]
ruby 1.9.1p129 (2009-05-12 revision 23412) [i386-mingw32]

Date: 2009-06-25 01:27
Sender: Luis Lavena

Thank you Jeremy.

I going to report this to Ruby-core, since the binaries exposed
in Ruby-lang and the ones used by One-Click Installer prior the
MinGW releases are built by maintainers over there and not by us.

I'm not 100% sure what is going on there, but it appears to be
a issue with zlib-ruby extension and the version of zlib.dll
(which should be zlib1.dll anyway).

Conclusion: as my last comment in the report states, there is an issue with all the binaries being released AND advertised at Ruby-lang website.

Since One-Click Installer has been using those binaries to build the installers, all the user base is affected by those issues.

This can be extended to those users having random Zlib buffer errors, since seems all are affected to the exact same component.

Also, can be extended to 1.9 and 1.8.7, since these two versions uses the exact same version of zlib (zlib.dll) which is not provided in the download and people blidnly get from zlib.net page.

Find attached the test case file provided by Jeremy.

Apologize for being negative and pessimistic, but as maintainer of One-Click Installer, getting these kind of reports on a daily basis or direct emails are overwhelming when there is nothing we can do about it.

I'll love some feedback on these issues, the binaries used or at least share the building instructions to distribute some sort of patch or install note to the community.

Thank you.
=end