This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new b05ed49 COMPRESS-567 and even more 7z sanity checks
b05ed49 is described below
commit b05ed497feadf0fc69f49eb23d6b37d0509d7855
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sat May 22 21:08:32 2021 +0200
COMPRESS-567 and even more 7z sanity checks
---
.../commons/compress/archivers/sevenz/Folder.java | 22 ++++--
.../compress/archivers/sevenz/SevenZFile.java | 86 +++++++++++++++++-----
2 files changed, 84 insertions(+), 24 deletions(-)
diff --git
a/src/main/java/org/apache/commons/compress/archivers/sevenz/Folder.java
b/src/main/java/org/apache/commons/compress/archivers/sevenz/Folder.java
index dff9eea..1725be0 100644
--- a/src/main/java/org/apache/commons/compress/archivers/sevenz/Folder.java
+++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/Folder.java
@@ -17,6 +17,7 @@
*/
package org.apache.commons.compress.archivers.sevenz;
+import java.util.Collections;
import java.util.LinkedList;
/**
@@ -53,9 +54,12 @@ class Folder {
* from the output of the first and so on.</p>
*/
Iterable<Coder> getOrderedCoders() {
+ if (packedStreams == null || coders == null || packedStreams.length ==
0 || coders.length == 0) {
+ return Collections.emptyList();
+ }
final LinkedList<Coder> l = new LinkedList<>();
int current = (int) packedStreams[0]; // more that 2^31 coders?
- while (current != -1) {
+ while (current >= 0 && current < coders.length) {
l.addLast(coders[current]);
final int pair = findBindPairForOutStream(current);
current = pair != -1 ? (int) bindPairs[pair].inIndex : -1;
@@ -64,18 +68,22 @@ class Folder {
}
int findBindPairForInStream(final int index) {
- for (int i = 0; i < bindPairs.length; i++) {
- if (bindPairs[i].inIndex == index) {
- return i;
+ if (bindPairs != null) {
+ for (int i = 0; i < bindPairs.length; i++) {
+ if (bindPairs[i].inIndex == index) {
+ return i;
+ }
}
}
return -1;
}
int findBindPairForOutStream(final int index) {
- for (int i = 0; i < bindPairs.length; i++) {
- if (bindPairs[i].outIndex == index) {
- return i;
+ if (bindPairs != null) {
+ for (int i = 0; i < bindPairs.length; i++) {
+ if (bindPairs[i].outIndex == index) {
+ return i;
+ }
}
}
return -1;
diff --git
a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
index 1a1b029..7a936a7 100644
--- a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
@@ -589,7 +589,7 @@ public class SevenZFile implements Closeable {
if (nid == NID.kAdditionalStreamsInfo) {
throw new IOException("Additional streams unsupported");
- //nid = header.readUnsignedByte();
+ //nid = getUnsignedByte(header);
}
if (nid == NID.kMainStreamsInfo) {
@@ -620,7 +620,7 @@ public class SevenZFile implements Closeable {
if (nid == NID.kAdditionalStreamsInfo) {
throw new IOException("Additional streams unsupported");
- //nid = header.readUnsignedByte();
+ //nid = getUnsignedByte(header);
}
if (nid == NID.kMainStreamsInfo) {
@@ -647,7 +647,11 @@ public class SevenZFile implements Closeable {
final long propertySize = readUint64(input);
assertFitsIntoNonNegativeInt("propertySize", propertySize);
final byte[] property = new byte[(int)propertySize];
- input.get(property);
+ try {
+ input.get(property);
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
nid = getUnsignedByte(input);
}
}
@@ -819,7 +823,11 @@ public class SevenZFile implements Closeable {
archive.packCrcs = new long[numPackStreamsInt];
for (int i = 0; i < numPackStreamsInt; i++) {
if (archive.packCrcsDefined.get(i)) {
- archive.packCrcs[i] = 0xffffFFFFL & header.getInt();
+ try {
+ archive.packCrcs[i] = 0xffffFFFFL & header.getInt();
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
}
}
@@ -920,7 +928,11 @@ public class SevenZFile implements Closeable {
for (int i = 0; i < numFoldersInt; i++) {
if (crcsDefined.get(i)) {
folders[i].hasCrc = true;
- folders[i].crc = 0xffffFFFFL & header.getInt();
+ try {
+ folders[i].crc = 0xffffFFFFL & header.getInt();
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
} else {
folders[i].hasCrc = false;
}
@@ -1056,7 +1068,11 @@ public class SevenZFile implements Closeable {
final long[] missingCrcs = new long[numDigests];
for (int i = 0; i < numDigests; i++) {
if (hasMissingCrc.get(i)) {
- missingCrcs[i] = 0xffffFFFFL & header.getInt();
+ try {
+ missingCrcs[i] = 0xffffFFFFL & header.getInt();
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
}
}
int nextCrc = 0;
@@ -1100,7 +1116,11 @@ public class SevenZFile implements Closeable {
for (int i = 0; i < numCoders; i++) {
final int bits = getUnsignedByte(header);
final int idSize = bits & 0xf;
- header.get(new byte[idSize]);
+ try {
+ header.get(new byte[idSize]);
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
final boolean isSimple = (bits & 0x10) == 0;
final boolean hasAttributes = (bits & 0x20) != 0;
@@ -1192,7 +1212,11 @@ public class SevenZFile implements Closeable {
final boolean moreAlternativeMethods = (bits & 0x80) != 0;
coders[i].decompressionMethodId = new byte[idSize];
- header.get(coders[i].decompressionMethodId);
+ try {
+ header.get(coders[i].decompressionMethodId);
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
if (isSimple) {
coders[i].numInStreams = 1;
coders[i].numOutStreams = 1;
@@ -1206,7 +1230,11 @@ public class SevenZFile implements Closeable {
final long propertiesSize = readUint64(header);
assertFitsIntoNonNegativeInt("propertiesSize", propertiesSize);
coders[i].properties = new byte[(int)propertiesSize];
- header.get(coders[i].properties);
+ try {
+ header.get(coders[i].properties);
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
}
// would need to keep looping as above:
while (moreAlternativeMethods) {
@@ -1333,9 +1361,13 @@ public class SevenZFile implements Closeable {
int filesSeen = 0;
for (int i = 0; i < namesLength; i += 2) {
- final char c = header.getChar();
- if (c == 0) {
- filesSeen++;
+ try {
+ final char c = header.getChar();
+ if (c == 0) {
+ filesSeen++;
+ }
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
}
}
if (filesSeen != stats.numberOfEntries) {
@@ -1461,7 +1493,11 @@ public class SevenZFile implements Closeable {
assertFitsIntoNonNegativeInt("file names length", size -
1);
final byte[] names = new byte[(int) (size - 1)];
final int namesLength = names.length;
- header.get(names);
+ try {
+ header.get(names);
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
int nextFile = 0;
int nextName = 0;
for (int i = 0; i < namesLength; i += 2) {
@@ -1488,7 +1524,11 @@ public class SevenZFile implements Closeable {
final SevenZArchiveEntry entryAtIndex = fileMap.get(i);
entryAtIndex.setHasCreationDate(timesDefined.get(i));
if (entryAtIndex.getHasCreationDate()) {
- entryAtIndex.setCreationDate(header.getLong());
+ try {
+ entryAtIndex.setCreationDate(header.getLong());
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
}
}
break;
@@ -1504,7 +1544,11 @@ public class SevenZFile implements Closeable {
final SevenZArchiveEntry entryAtIndex = fileMap.get(i);
entryAtIndex.setHasAccessDate(timesDefined.get(i));
if (entryAtIndex.getHasAccessDate()) {
- entryAtIndex.setAccessDate(header.getLong());
+ try {
+ entryAtIndex.setAccessDate(header.getLong());
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
}
}
break;
@@ -1520,7 +1564,11 @@ public class SevenZFile implements Closeable {
final SevenZArchiveEntry entryAtIndex = fileMap.get(i);
entryAtIndex.setHasLastModifiedDate(timesDefined.get(i));
if (entryAtIndex.getHasLastModifiedDate()) {
- entryAtIndex.setLastModifiedDate(header.getLong());
+ try {
+
entryAtIndex.setLastModifiedDate(header.getLong());
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
}
}
break;
@@ -1536,7 +1584,11 @@ public class SevenZFile implements Closeable {
final SevenZArchiveEntry entryAtIndex = fileMap.get(i);
entryAtIndex.setHasWindowsAttributes(attributesDefined.get(i));
if (entryAtIndex.getHasWindowsAttributes()) {
- entryAtIndex.setWindowsAttributes(header.getInt());
+ try {
+
entryAtIndex.setWindowsAttributes(header.getInt());
+ } catch (BufferUnderflowException ex) {
+ throw new IOException(ex);
+ }
}
}
break;
