This is an automated email from the ASF dual-hosted git repository. ggregory pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
commit 4f5af021834caab4dab3b08cd89db30fff6830ec Author: Gary Gregory <[email protected]> AuthorDate: Thu May 5 09:26:04 2022 -0400 ChecksumVerifyingInputStream.read() does not always validate checksum at end-of-stream. --- src/changes/changes.xml | 3 +++ .../apache/commons/compress/utils/ChecksumVerifyingInputStream.java | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/changes/changes.xml b/src/changes/changes.xml index ecba8dad..fd207832 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -103,6 +103,9 @@ The <action> type attribute can be add,update,fix,remove. <action type="fix" dev="ggregory" due-to="Arturo Bernal"> Avoid use C-style array declaration. #282. </action> + <action type="fix" dev="ggregory" due-to="Gary Gregory"> + ChecksumVerifyingInputStream.read() does not always validate checksum at end-of-stream. + </action> <!-- ADD --> <action issue="COMPRESS-602" type="add" dev="ggregory" due-to="Postelnicu George, Gary Gregory"> Migrate zip package to use NIO #236. diff --git a/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java b/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java index c80f7c82..cce434a0 100644 --- a/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java +++ b/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java @@ -65,7 +65,7 @@ public class ChecksumVerifyingInputStream extends InputStream { checksum.update(ret); --bytesRemaining; } - if (bytesRemaining == 0 && expectedChecksum != checksum.getValue()) { + if (bytesRemaining <= 0 && expectedChecksum != checksum.getValue()) { throw new IOException("Checksum verification failed"); } return ret;
