This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new c43928b63 CpioArchiveInputStream.read(byte[], int, int) now throws an
IOException on a data pad count mismatch
c43928b63 is described below
commit c43928b63430d5907b291d74e2ecdfcdb91ef12e
Author: Gary Gregory <[email protected]>
AuthorDate: Thu Jan 2 10:22:22 2025 -0500
CpioArchiveInputStream.read(byte[], int, int) now throws an IOException
on a data pad count mismatch
---
src/changes/changes.xml | 1 +
.../compress/archivers/cpio/CpioArchiveInputStream.java | 11 ++++++-----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 4804f334c..5ada21833 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -59,6 +59,7 @@ The <action> type attribute can be add,update,fix,remove.
<action type="fix" dev="ggregory" due-to="Gary
Gregory">ZipArchiveOutputStream.close() does not close its underlying output
stream.</action>
<action type="fix" dev="ggregory" due-to="Gary Gregory">Don't use
deprecated code in TarArchiveInputStream.</action>
<action type="fix" dev="ggregory" due-to="Gary Gregory">Don't use
deprecated code in TarFile.</action>
+ <action type="fix" dev="ggregory" due-to="Gary
Gregory">CpioArchiveInputStream.read(byte[], int, int) now throws an
IOException on a data pad count mismatch.</action>
<!-- ADD -->
<action type="add" dev="ggregory" due-to="Gary Gregory">Add
GzipParameters.getModificationInstant().</action>
<action type="add" dev="ggregory" due-to="Gary Gregory">Add
GzipParameters.setModificationInstant(Instant).</action>
diff --git
a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
index fbb8907fe..64ffde2fb 100644
---
a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
+++
b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
@@ -325,7 +325,10 @@ public class CpioArchiveInputStream extends
ArchiveInputStream<CpioArchiveEntry>
return -1;
}
if (this.entryBytesRead == this.entry.getSize()) {
- skip(entry.getDataPadCount());
+ final int dataPadCount = entry.getDataPadCount();
+ if (skip(dataPadCount) != dataPadCount) {
+ throw new IOException("Data pad count missmatch.");
+ }
this.entryEOF = true;
if (this.entry.getFormat() == FORMAT_NEW_CRC && this.crc !=
this.entry.getChksum()) {
throw new IOException("CRC Error. Occurred at byte: " +
getBytesRead());
@@ -492,11 +495,9 @@ public class CpioArchiveInputStream extends
ArchiveInputStream<CpioArchiveEntry>
return b;
}
- private void skip(final int bytes) throws IOException {
+ private int skip(final int length) throws IOException {
// bytes cannot be more than 3 bytes
- if (bytes > 0) {
- readFully(fourBytesBuf, 0, bytes);
- }
+ return length > 0 ? readFully(fourBytesBuf, 0, length) : 0;
}
/**
