Bug 30833

Summary: [un]zip can't handle a > 4GB .zip file (was: unzip fails with "error: not enough memory for bomb detection"). May be correctable.
Product: Mageia
Reporter: Pierre Fortin <pfortin>
Component: RPM Packages
Assignee: All Packagers <pkg-bugs>
Status: NEW ---
QA Contact:
Severity: enhancement
Priority: Normal
CC: marja11
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: zip-3.0-13.mga9.src.rpm,unzip-6.0-4.mga9.src.rpm
CVE:
Status comment:

Description Pierre Fortin 2022-09-09 01:11:23 CEST
Description of problem: 

$ ll moment-truth-summit.zip
-rw-r--r-- 1 pfortin ncdt 7263951465 Sep  8 15:55 moment-truth-summit.zip

$ unzip moment-truth-summit.zip
Archive:  moment-truth-summit.zip
warning [moment-truth-summit.zip]:  4294967296 extra bytes at beginning or within zipfile
  (attempting to process anyway)
file #1:  bad zipfile offset (local header sig):  4294967296
  (attempting to re-compensate)
 extracting: IMG_7429.CR2            
error: not enough memory for bomb detection





Version-Release number of selected component (if applicable): unzip-6.0-3.mga9


How reproducible: always on certain zip files

See https://bugzilla.redhat.com/show_bug.cgi?id=1900915  for possible fix.

I tried bunzip2; but:
$ bunzip2 moment-truth-summit.zip
bunzip2: Can't guess original name for moment-truth-summit.zip -- using moment-truth-summit.zip.out
bunzip2: moment-truth-summit.zip is not a bzip2 file.



Comment 1 Marja Van Waes 2022-09-10 23:11:04 CEST
(In reply to Pierre Fortin from comment #0)
> Description of problem: 
> 
> $ ll moment-truth-summit.zip
> -rw-r--r-- 1 pfortin ncdt 7263951465 Sep  8 15:55 moment-truth-summit.zip

AFAIK for Linux the size limit for a zip file is still 4GB; your file is 6.8GB.
http://infozip.sourceforge.net/FAQ.html#limits
http://infozip.sourceforge.net/UnZip.html

When googling for "4294967296 extra bytes at beginning or within zipfile" I found the advice to try to unzip with jar or with 7z.
I can't find that we have jar, but we do have fastjar.
7z is provided by p7zip.

Try:

7z xv moment-truth-summit.zip

or 

fastjar xv moment-truth-summit.zip

CC: (none) => marja11

Marja Van Waes 2022-09-12 23:40:02 CEST

Summary: unzip fails with "error: not enough memory for bomb detection" => unzip can't handle a > 4GB .zip file (was: unzip fails with "error: not enough memory for bomb detection")
Keywords: (none) => UPSTREAM

Comment 2 Pierre Fortin 2022-10-27 16:29:14 CEST
Did not expect unzip to still have 4G limit... the website that was used to share the photos creates the zip file on the fly. I see there is zip64 https://sourceforge.net/projects/zip64file/ (GPLv2)

Comment 3 Lewis Smith 2022-12-13 16:02:47 CET
Thank you for the last pointer (sorry to have left you).
Given that unzip has its 4Gb limit - fair enough - and that p7zip should do the bigger job, this bug could have been closed.

But I found this useful post:
"The basic Zip format has a limit of 4 GB per file. You need to upgrade your zip tool to one that supports Zip64:
$ zip -v
Zip special compilation options:
        ZIP64_SUPPORT        (use Zip64 to store large files in archives)
Alternatively, use a different archive format such as 7z or tar."

Similarly,
$ unzip -v
UnZip special compilation options:
       ZIP64_SUPPORT (archives using Zip64 for large files supported)

From your link:
"Zip64File is a JAVA library which implements the 64-bit extension of the ZIP standard from PKWARE using random-access, permitting to access archives larger than 4 GB with more than 65 K files."

So it appears that with this library, and the ZIP64_SUPPORT compile option, this might be correctable.
Assigning globally.

Severity: normal => enhancement
Assignee: bugsquad => pkg-bugs
Summary: unzip can't handle a > 4GB .zip file (was: unzip fails with "error: not enough memory for bomb detection") => [un]zip can't handle a > 4GB .zip file (was: unzip fails with "error: not enough memory for bomb detection"). May be correctable.
Source RPM: unzip-6.0-3.mga9 => zip-3.0-13.mga9.src.rpm,unzip-6.0-4.mga9.src.rpm
Keywords: UPSTREAM => (none)
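
As an added illustration (not part of the bug thread and not Info-ZIP's or Zip64File's code), this Python example reads an archive's end-of-central-directory records to tell whether it uses the Zip64 extension discussed above, and therefore needs a Zip64-capable extractor. The function and sample names are hypothetical, and both samples are constructed; the second is only the trailing records of an archive, not a complete one.

```python
import io
import struct
import zipfile

EOCD = struct.Struct("<4s4H2LH")      # classic end-of-central-directory, 22 bytes
LOCATOR = struct.Struct("<4sLQL")     # Zip64 EOCD locator, 20 bytes
EOCD64 = struct.Struct("<4sQ2H2L4Q")  # Zip64 EOCD record (fixed part), 56 bytes

def zip_tail_info(fh):
    """Report whether the archive in seekable binary file `fh` relies on Zip64."""
    size = fh.seek(0, io.SEEK_END)
    # The EOCD sits at the end, after at most a 65535-byte archive comment.
    fh.seek(max(0, size - (EOCD.size + 0xFFFF + LOCATOR.size)))
    tail = fh.read()
    pos = tail.rfind(b"PK\x05\x06")
    if pos < 0 or len(tail) - pos < EOCD.size:
        raise ValueError("no end-of-central-directory record found")
    _, _, _, _, entries, cd_size, cd_offset, _ = EOCD.unpack_from(tail, pos)
    info = {"size": size, "zip64": False, "entries": entries, "cd_offset": cd_offset}
    # Saturated 16/32-bit fields mean the real value lives in the Zip64 record.
    saturated = entries == 0xFFFF or 0xFFFFFFFF in (cd_size, cd_offset)
    loc = pos - LOCATOR.size
    if loc >= 0 and tail[loc:loc + 4] == b"PK\x06\x07":
        _, _, eocd64_offset, _ = LOCATOR.unpack_from(tail, loc)
        fh.seek(eocd64_offset)
        rec = fh.read(EOCD64.size)
        if len(rec) == EOCD64.size and rec[:4] == b"PK\x06\x06":
            fields = EOCD64.unpack(rec)
            info.update(zip64=True, entries=fields[7], cd_offset=fields[9])
    info["needs_zip64_tool"] = info["zip64"] or saturated or size > 0xFFFFFFFF
    return info

def classic_sample():
    """Constructed sample: a tiny ordinary archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("a.txt", "hello")
    return buf

def zip64_tail_sample():
    """Constructed sample: only the trailing records of a Zip64 archive."""
    rec = EOCD64.pack(b"PK\x06\x06", 44, 45, 45, 0, 0, 1, 1, 100, 5_000_000_000)
    loc = LOCATOR.pack(b"PK\x06\x07", 0, 0, 1)  # Zip64 record at offset 0 here
    end = EOCD.pack(b"PK\x05\x06", 0, 0, 0xFFFF, 0xFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0)
    return io.BytesIO(rec + loc + end)

if __name__ == "__main__":
    for name, sample in (("classic", classic_sample()), ("zip64", zip64_tail_sample())):
        print(name, zip_tail_info(sample))
```

For a file on disk, pass `open(path, "rb")`; only the tail of the file and the 56-byte Zip64 record are read, so a multi-gigabyte archive is inspected without loading it.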