This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new 3497dcb COMPRESS-516 turn ArrayIndexOutOfBounds into IOException 3497dcb is described below commit 3497dcbcf332cd932604713984edbb04965b0281 Author: Stefan Bodewig <bode...@apache.org> AuthorDate: Sat May 23 18:30:45 2020 +0200 COMPRESS-516 turn ArrayIndexOutOfBounds into IOException --- src/changes/changes.xml | 5 ++++ .../bzip2/BZip2CompressorInputStream.java | 1 + .../bzip2/BZip2CompressorInputStreamTest.java | 32 ++++++++++++++++++++++ 3 files changed, 38 insertions(+) diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 9c43f08..20a1b1d 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -68,6 +68,11 @@ The <action> type attribute can be add,update,fix,remove. <action issue="COMPRESS-520" type="fix" date="2020-05-23"> Removed the PowerMock dependency. </action> + <action issue="COMPRESS-516" type="fix" date="2020-05-23"> + Added improved checks to detect corrupted bzip2 streams and + throw the expected IOException rather than obscure + RuntimeExceptions. + </action> </release> <release version="1.20" date="2020-02-08" description="Release 1.20"> diff --git a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java index d6e1500..18b4be0 100644 --- a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java +++ b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java @@ -667,6 +667,7 @@ public class BZip2CompressorInputStream extends CompressorInputStream final int from = ++lastShadow; lastShadow += s; + checkBounds(lastShadow, this.data.ll8.length, "lastShadow"); Arrays.fill(ll8, from, lastShadow + 1, ch); if (lastShadow >= limitLast) { diff --git a/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java b/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java index 7130d92..d338370 100644 --- a/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java +++ b/src/test/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStreamTest.java @@ -26,6 +26,8 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import org.apache.commons.compress.archivers.ArchiveInputStream; +import org.apache.commons.compress.archivers.ArchiveStreamFactory; import org.apache.commons.compress.utils.IOUtils; import org.junit.Assert; import org.junit.Test; @@ -97,4 +99,34 @@ public class BZip2CompressorInputStreamTest { } } + /** + * @see https://issues.apache.org/jira/browse/COMPRESS-516 + */ + @Test(expected = IOException.class) + public void shouldThrowIOExceptionInsteadofRuntimeExceptionCOMPRESS516() throws Exception { + ByteArrayInputStream input = new ByteArrayInputStream(new byte[] { + 0x50, 0x4b, 0x03, 0x04, 0x2e, 0x00, 0x00, 0x00, 0x0c, 0x00, + (byte) 0x84, (byte) 0xb6, (byte) 0xba, 0x46, 0x72, (byte) 0xb6, (byte) 0xfe, 0x77, 0x63, 0x00, + 0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00, + 0x62, 0x62, 0x62, 0x55, 0x54, 0x09, 0x00, 0x03, (byte) 0xe7, (byte) 0xce, + 0x64, 0x55, (byte) 0xf3, (byte) 0xce, 0x64, 0x55, 0x75, 0x78, 0x0b, 0x00, + 0x01, 0x04, 0x5c, (byte) 0xf9, 0x01, 0x00, 0x04, (byte) 0x88, 0x13, 0x00, + 0x00, 0x42, 0x5a, 0x68, 0x34, 0x31, 0x41, 0x59, 0x26, 0x53, + 0x59, 0x62, (byte) 0xe4, 0x4f, 0x51, 0x00, 0x00, 0x0d, (byte) 0xd1, (byte) 0x80, + 0x00, 0x10, 0x40, 0x00, 0x35, (byte) 0xf9, (byte) 0x8b, 0x00, 0x20, 0x00, + 0x48, (byte) 0x89, (byte) 0xfa, (byte) 0x94, (byte) 0xf2, (byte) 0x9e, 0x29, (byte) 0xe8, (byte) 0xd2, 0x11, + (byte) 0x8a, 0x4f, 0x53, 0x34, 0x0f, 0x51, 0x7a, (byte) 0xed, (byte) 0x86, 0x65, + (byte) 0xd6, (byte) 0xed, 0x61, (byte) 0xee, 0x68, (byte) 0x89, 0x48, 0x7d, 0x07, (byte) 0x71, + (byte) 0x92, 0x2a, 0x50, 0x60, 0x04, (byte) 0x95, 0x61, 0x35, 0x47, 0x73, + 0x31, 0x29, (byte) 0xc2, (byte) 0xdd, 0x5e, (byte) 0xc7, 0x4a, 0x15, 0x14, 0x32, + 0x4c, (byte) 0xda, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00 + }); + try (ArchiveInputStream ais = + new ArchiveStreamFactory().createArchiveInputStream("zip", input)) { + ais.getNextEntry(); + IOUtils.toByteArray(ais); + } + } + }