Recent Topics
-
UNSOLVED PA 19.00.43 stops me moving .tar.xz, .tar.gz and .7z files.
Tech Support5 -
UNSOLVED PA 19.00.43 Queue re-enabled every Windows reboot
Tech Support4 -
Fast Ring: PowerArchiver 2019 19.00.30/31/32/33/39/40/41/43/44
Tech Support15 -
SOLVED PA 2019 register type associations everytime.
Tech Support10 -
UNSOLVED PA needs longer to close when mp3-file from archive is opened
Tech Support6 -
UNSOLVED Outdated SFX-Text & Design
Tech Support5 -
SOLVED Security vulnerability in UnAceV2.dll
Tech Support17 -
SOLVED Skins Page not displayed correctly
Tech Support3 -
SOLVED Running PA 2019.00.39 maximized in Win 10 Home
Tech Support6 -
UNSOLVED Ugly progress bar with old skins
Skins6 -
SOLVED FIPS
Tech Support13 -
UNSOLVED Smart AI: Preferences not intuitive
Tech Support10 -
"The specified account already exists" error
Tech Support11 -
UNSOLVED Make portable version compatible with PortableApps
Wishlist1 -
UNSOLVED "Password is secure" should be "Password matches policy"
Tech Support3 -
UNSOLVED Missing Language
Tech Support2 -
UNSOLVED Some buttons in "Modern Look" are too small
Translations2 -
UNSOLVED Can't unmount Virtual Drive
Tech Support2 -
UNSOLVED found this link on the internet and thought you should investigate it
Tech Support5
Two bugs that could lead to data corruption in PA 9.63
-
The first involves the 7Z format. To recreate the problem, do the following:
1)Create a small test file on your desktop named test.txt containing only the word “test”.
-
Right-click on the file, select PowerArchiver 2006 from the context menu and select “Compress with Options…”
-
Choose the 7Z radio button
-
click on the “Password…” button at the bottom right of the popup and enter the password “vanilla”, then re-enter the password.
-
Click on the Add button.
At this point, you should have two new files on your desktop, one named test.txt containing only the word “test”, and one named “test.7z”
-
Right-click on “test.7z”, select “PowerArchiver 2006” from the context menu and select “Extract Here”.
-
Enter an INCORRECT password in the password dialog popup and click OK.
-
You will get a popup “Confirm File Overwrite?”.
BEGS THE QUESTION: Why is PA asking permission to overwrite the file after the password has been entered incorrectly?<<<
Click on Yes (which shouldn’t be an option after the password has been entered incorrectly).
- Open the file “test.txt” on the desktop and you will see that it is now corrupted!
If, at step 7 above, instead of entering an incorrect password, you entered nothing at all in the password window and just clicked OK, you still get the “Confirm Overwrite?” dialog, and if you click Yes, the file “test.txt” is corrupted. This also happens if you choose Cancel intead of OK in the password dialog.
At the point that the password is entered incorrectly whether blank or the wrong character sequence, PA should prompt for the correct password. When the cancel button is clicked in the password box, PA should stop the operation, changing NOTHING. In neither case should PA proceed to the “Confirm Overwrite?” popup if the password is not entered correctly.
The second bug relates the the BH file handling. The steps to reproduce are:
Repeat the steps above from 1 through 5 but instead of selecting the 7Z radio button, select the BH radio button.
You should now have two new files on your desktop, “test.txt” containing only the word “test”, and test.bh
Now, right click on test.bh, select “PowerArchiver 2006” and then “Extract Here” from the context menu.
You will get a “Confirm File Overwrite?” popup. Click Yes. Enter the password “vanilla” in the password field and click OK.
You will now see a popup stating:
"There is a CRC error on file: test.txt
Volume: test.bhContinue?"
For both possible answers to the popup - whether at this point you click Yes to continue or No to not continue - then open the file test.txt, you’ll see that the file has been overwritten and corrupted.
Both of these BUGS can lead to critical data loss.
It took me all of 15 minutes after installing PA to find these two problems. Doesn’t inspire confidence.
-
-
The first one is a known. But this is not a error. This is just the way it works. You loose nothing, the file is still inside the archive.
Don’t know about the second one.
Guido
-
But this is not a error. This is just the way it works. You loose nothing, the file is still inside the archive.
I disagree - strongly - if you cannot enter the correct password when extracting, PA should not overwrite, modify, or corrupt any exisitng files. How can file corruption ever be considered ‘not a bug’?
Even if you can still get to the file inside the archive, I would consider this a serious error. But think about what’s happening here - the user might have forgotten the password (he’s not getting it right, remember), so trashing the uncompressed, unencrypted version of the file (even if it might not match what’s inside the archive) is a very bad error.
-
I disagree - strongly - if you cannot enter the correct password when extracting, PA should not overwrite, modify, or corrupt any exisitng files. How can file corruption ever be considered ‘not a bug’?
Even if you can still get to the file inside the archive, I would consider this a serious error. But think about what’s happening here - the user might have forgotten the password (he’s not getting it right, remember), so trashing the uncompressed, unencrypted version of the file (even if it might not match what’s inside the archive) is a very bad error.
yes, it should not happen.
Problem is that 7zip engine by default does not use temp folder, so data is extracted over existing file. Until it is extracted, it does not know if password is correct or not. Keep in mind that PA does show you different file sizes in overwrite dialogue, although most people probably click away before reading anything.
Same problem happens with 7zip application and other applications supporting the format.
I hope we can be creative about this one for the future version.
As to the BH, thats an bug and will be fixed in future releases.
thanks for reporting…
-
yes, it should not happen.
Problem is that 7zip engine by default does not use temp folder, so data is extracted over existing file. Until it is extracted, it does not know if password is correct or not. Keep in mind that PA does show you different file sizes in overwrite dialogue, although most people probably click away before reading anything.
Same problem happens with 7zip application and other applications supporting the format.
I hope we can be creative about this one for the future version.
As to the BH, thats an bug and will be fixed in future releases.
thanks for reporting…
Funny that you mention this. After discovering this behavior in powerarchiver, I went into my other archivers (7-zip, WinRAR) and guess what? Same type of behavior in them with the formats that support the password field in their app! That made me suspect that this might be a problem with the underlying routines, and not the specific application. I hope it can be fixed soon. I’ve already informed WinRAR of the problem. Haven’t informed the 7-zip devs yet. Just got tired of typing
And, yes this is a bug. Under no circumstances should an archiver corrupt an existing file, not to mention simply because the user enters the wrong password when trying to decompress a password protected archive into a directory that already contains a file with the same name.
Thanks for the responses.
-
Funny that you mention this. After discovering this behavior in powerarchiver, I went into my other archivers (7-zip, WinRAR) and guess what? Same type of behavior in them with the formats that support the password field in their app! That made me suspect that this might be a problem with the underlying routines, and not the specific application. I hope it can be fixed soon. I’ve already informed WinRAR of the problem. Haven’t informed the 7-zip devs yet. Just got tired of typing
And, yes this is a bug. Under no circumstances should an archiver corrupt an existing file, not to mention simply because the user enters the wrong password when trying to decompress a password protected archive into a directory that already contains a file with the same name.
Thanks for the responses.
yes, because we all use same 7zip engine, so same problem. Another problem is - even if we start using temp folder, how many people will turn it off because it is slower?
Because if you use current folder as temp option, it will always do this, it simply does not know that it failed before it extracts it. And if current folder is temp, then it will always overwrite file (with overwrite warning).
And again, it does show you the overwrite window, problem is that nobody cares about overwrite windows, people just click on Yes within same second it appeared :-).
