site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=NVE2BhyIXhAAfLCilBcoFqg05wInwIPTkwk2ti6p4Hc=; b=JcbeiywBmVxpO4qFbEMXj0m1TBXiVA7Bd9jaFltQARYnxHKFKVr98cbFhV7OaT3pwX w+WgFzH8iXmabs43bDlvITKVRB5aM7albwxK6QeKt2g+qWIyW81tiTg6gFXroPVJ/6uk DCKBy9JGOVkEvLA/5P3Xz/6YbR+d3tJWxCrgv/pQ4lLEkvDAw5wRHxGIwDph+w6LFMPM FrK1AEYKF0Ctww+8NssZEQWKjqKZbtR/x6n3SV2/CLl1+WB4jI75DQMpIafdz3PkAwLJ nRrjqDBBfoJpFIUEVAqoShcMSn1OpFNIJcxjUmbkFqmncIAvaoGsEZGMtN3vehmGwfPg PYOg== Just for info. There's a bug in the xar_from_base64 function of the b64.c file of the xar project (which is used in pkgutil and probably in PackageKit.framework). The output of the function can be incorrect because the output array of unsigned chars is is not set to 0. This is the bug: output = malloc(3 * (inputLength / 4 + 1)); So in case output is allocated to some location that was previously used, the contents of output will not be a bunch of zeroes (so no terminating NULL char after the last decoded character). And anyway, it should not be assumed to be a bunch of zeroes. It just happens that having a distribution package (.pkg) containing a Package name with some accented characters (such as é) will trigger the bug every single time when using pkgutil --expand or xar -tc This problem can be reproduced on Mac OS X 10.10.5 and 10.11.6 with the Apple built binaries and it can be reproduced using the latest xar source code available on opensource.apple.com (xar-400). And based on what I see in xar-28, the problem is apparently there since Mac OS X 10.5.0. Problem# 37427477 _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.app... This email sent to site_archiver@lists.apple.com