[commons-compress] branch master updated: COMPRESS-516 turn ArrayIndexOutOfBounds into IOException

bodewig Sat, 23 May 2020 09:31:46 -0700

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git



The following commit(s) were added to refs/heads/master by this push:
     new 3497dcb  COMPRESS-516 turn ArrayIndexOutOfBounds into IOException
3497dcb is described below

commit 3497dcbcf332cd932604713984edbb04965b0281
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sat May 23 18:30:45 2020 +0200

    COMPRESS-516 turn ArrayIndexOutOfBounds into IOException
---
 src/changes/changes.xml                            |  5 ++++
 .../bzip2/BZip2CompressorInputStream.java          |  1 +
 .../bzip2/BZip2CompressorInputStreamTest.java      | 32 ++++++++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 9c43f08..20a1b1d 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -68,6 +68,11 @@ The <action> type attribute can be add,update,fix,remove.
       <action issue="COMPRESS-520" type="fix" date="2020-05-23">
         Removed the PowerMock dependency.
       </action>
+      <action issue="COMPRESS-516" type="fix" date="2020-05-23">
+        Added improved checks to detect corrupted bzip2 streams and
+        throw the expected IOException rather than obscure
+        RuntimeExceptions.
+      </action>
     </release>
     <release version="1.20" date="2020-02-08"
              description="Release 1.20">
diff --git 
a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
 
b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
index d6e1500..18b4be0 100644
--- 
a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
+++ 
b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
@@ -667,6 +667,7 @@ public class BZip2CompressorInputStream extends 
CompressorInputStream
 
                 final int from = ++lastShadow;
                 lastShadow += s;
+                checkBounds(lastShadow, this.data.ll8.length, "lastShadow");
                 Arrays.fill(ll8, from, lastShadow + 1, ch);
 
                 if (lastShadow >= limitLast) {
diff --git 
a/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java
 
b/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java
index 7130d92..d338370 100644
--- 
a/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java
+++ 
b/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java
@@ -26,6 +26,8 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import org.apache.commons.compress.archivers.ArchiveInputStream;
+import org.apache.commons.compress.archivers.ArchiveStreamFactory;
 import org.apache.commons.compress.utils.IOUtils;
 import org.junit.Assert;
 import org.junit.Test;
@@ -97,4 +99,34 @@ public class BZip2CompressorInputStreamTest {
         }
     }
 
+    /**
+     * @see https://issues.apache.org/jira/browse/COMPRESS-516
+     */
+    @Test(expected = IOException.class)
+    public void shouldThrowIOExceptionInsteadofRuntimeExceptionCOMPRESS516() 
throws Exception {
+        ByteArrayInputStream input = new ByteArrayInputStream(new byte[] {
+            0x50, 0x4b, 0x03, 0x04, 0x2e, 0x00, 0x00, 0x00, 0x0c, 0x00,
+            (byte) 0x84, (byte) 0xb6, (byte) 0xba, 0x46, 0x72, (byte) 0xb6, 
(byte) 0xfe, 0x77, 0x63, 0x00,
+            0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00,
+            0x62, 0x62, 0x62, 0x55, 0x54, 0x09, 0x00, 0x03, (byte) 0xe7, 
(byte) 0xce,
+            0x64, 0x55, (byte) 0xf3, (byte) 0xce, 0x64, 0x55, 0x75, 0x78, 
0x0b, 0x00,
+            0x01, 0x04, 0x5c, (byte) 0xf9, 0x01, 0x00, 0x04, (byte) 0x88, 
0x13, 0x00,
+            0x00, 0x42, 0x5a, 0x68, 0x34, 0x31, 0x41, 0x59, 0x26, 0x53,
+            0x59, 0x62, (byte) 0xe4, 0x4f, 0x51, 0x00, 0x00, 0x0d, (byte) 
0xd1, (byte) 0x80,
+            0x00, 0x10, 0x40, 0x00, 0x35, (byte) 0xf9, (byte) 0x8b, 0x00, 
0x20, 0x00,
+            0x48, (byte) 0x89, (byte) 0xfa, (byte) 0x94, (byte) 0xf2, (byte) 
0x9e, 0x29, (byte) 0xe8, (byte) 0xd2, 0x11,
+            (byte) 0x8a, 0x4f, 0x53, 0x34, 0x0f, 0x51, 0x7a, (byte) 0xed, 
(byte) 0x86, 0x65,
+            (byte) 0xd6, (byte) 0xed, 0x61, (byte) 0xee, 0x68, (byte) 0x89, 
0x48, 0x7d, 0x07, (byte) 0x71,
+            (byte) 0x92, 0x2a, 0x50, 0x60, 0x04, (byte) 0x95, 0x61, 0x35, 
0x47, 0x73,
+            0x31, 0x29, (byte) 0xc2, (byte) 0xdd, 0x5e, (byte) 0xc7, 0x4a, 
0x15, 0x14, 0x32,
+            0x4c, (byte) 0xda, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00
+        });
+        try (ArchiveInputStream ais =
+             new ArchiveStreamFactory().createArchiveInputStream("zip", 
input)) {
+            ais.getNextEntry();
+            IOUtils.toByteArray(ais);
+        }
+    }
+
 }

[commons-compress] branch master updated: COMPRESS-516 turn ArrayIndexOutOfBounds into IOException

Reply via email to