This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new 60d551a COMPRESS-542 guard against integer overflow
60d551a is described below
commit 60d551a748236d7f4651a4ae88d5a351f7c5754b
Author: Stefan Bodewig <[email protected]>
AuthorDate: Sun May 16 17:39:44 2021 +0200
COMPRESS-542 guard against integer overflow
---
.../java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java | 2 ++
1 file changed, 2 insertions(+)
diff --git
a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
index 2d7bb77..521aed8 100644
--- a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
@@ -943,6 +943,8 @@ public class SevenZFile implements Closeable {
stats.numberOfUnpackSubStreams = stats.numberOfFolders;
}
+ assertFitsIntoNonNegativeInt(stats.numberOfUnpackSubStreams);
+
if (nid == NID.kSize) {
for (final int numUnpackSubStreams : numUnpackSubStreamsPerFolder)
{
if (numUnpackSubStreams == 0) {
