Backport #1688
Updated by luislavena (Luis Lavena) almost 12 years ago
=begin This issue was originally reported to One-Click Installer project by Jeremy Bopp: http://rubyforge.org//tracker/?func=detail&atid=715&aid=26404&group_id=167 Description: While extracting compressed entries from a ZIP archive, I came across a particular file entry which when read in using a 4096 byte buffer which was then sent to be inflated would cause Zlib to raise a buffer error. This affects affects versions 186-26, 186-27-rc1, and 186-27-rc2 of the One-Click Ruby installation but does not affect other builds of Ruby I have tested: ruby 1.8.7 (2008-08-11 patchlevel 72) [i386-cygwin] ruby 1.8.7 (2008-08-11 patchlevel 72) [x86_64-linux] I have not tried this test with other builds of Ruby version 1.8.6 to isolate whether or not this is a general error for Ruby 1.8.6 or if this is specific to the One-Click Ruby Installer build. This appears to be a Zlib-specific defect. I have attached a simple test case which reliably reproduces this error condition on the affected versions of Ruby. This test case will try all possible buffer sizes for reading in the included compressed data file and will report all buffer sizes which cause this error. In my testing the following output is printed over a range of buffer sizes from 1 to 4704 bytes on all affected versions of Ruby: buffer error: buffer size: 1040 bytes buffer error: buffer size: 4096 bytes buffer error: buffer size: 4097 bytes This indicates that buffer errors were generated when reading and subsequently inflating the first 1040, 4096, and 4097 bytes of the compressed data file. There should be no errors at all, and the zlib-test.rb script should simply exit without any output. ----- Date: 2009-06-23 20:16 Sender: Luis Lavena Hello Jeremy. Thank you for reporting this. Could you try the exact same issue with MinGW Based version of Ruby? You can download those from here: http://rubyinstaller.org/downloads All the current version of the installer are built against a unknown version of Zlib and the ruby-zlib extension. Since newer versions of the installer will be based on MinGW (GCC), verifying that environment and creating a small test case will be great of us to fix or forward this upstream to Ruby-Core. Thank you. ---- Date: 2009-06-24 10:55 Sender: Jeremy Bopp The testcase completed successfully with the following MinGW-built versions located at the site you indicated: ruby 1.8.6 (2009-03-31 patchlevel 368) [i386-mingw32] ruby 1.9.1p129 (2009-05-12 revision 23412) [i386-mingw32] ---- Date: 2009-06-25 01:27 Sender: Luis Lavena Thank you Jeremy. I going to report this to Ruby-core, since the binaries exposed in Ruby-lang and the ones used by One-Click Installer prior the MinGW releases are built by maintainers over there and not by us. I'm not 100% sure what is going on there, but it appears to be a issue with zlib-ruby extension and the version of zlib.dll (which should be zlib1.dll anyway). ---- Conclusion: as my last comment in the report states, there is an issue with all the binaries being released AND advertised at Ruby-lang website. Since One-Click Installer has been using those binaries to build the installers, all the user base is affected by those issues. This can be extended to those users having random Zlib buffer errors, since seems all are affected to the exact same component. Also, can be extended to 1.9 and 1.8.7, since these two versions uses the exact same version of zlib (zlib.dll) which is not provided in the download and people blidnly get from zlib.net page. Find attached the test case file provided by Jeremy. Apologize for being negative and pessimistic, but as maintainer of One-Click Installer, getting these kind of reports on a daily basis or direct emails are overwhelming when there is nothing we can do about it. I'll love some feedback on these issues, the binaries used or at least share the building instructions to distribute some sort of patch or install note to the community. Thank you. =end