Dominik Stadler created COMPRESS-599:
----------------------------------------

             Summary: Memory usage in Pack200Compressor cannot be limited
                 Key: COMPRESS-599
                 URL: https://issues.apache.org/jira/browse/COMPRESS-599
             Project: Commons Compress
          Issue Type: Bug
          Components: Compressors
    Affects Versions: 1.21
            Reporter: Dominik Stadler


While fuzzing commons-compress, I found the following case where a specific 
input leads to unbounded memory allocation in the Pack200Compressor.

It seems there is currently no way to limit memory usage of this compressor and 
thus this cannot be avoided if you process untrusted data via commons-compress.

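With the following code snippet:
{noformat}
import java.io.ByteArrayInputStream;
import java.io.IOException;

import org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream;
import org.apache.commons.compress.compressors.pack200.Pack200Strategy;

public class Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8 {
    static final String base64Bytes = "yv7QDQeW0ABgfwDuwOn8QwIGAAIBAQAAd9zc3Nzc3Nzc3Nzc3Nzc3NxuZXR3YXJl3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3GluZG93cwAAAwMUAxUDZmVzdA0K";

    public static void main(String[] args) throws IOException {
        byte[] input = java.util.Base64.getDecoder().decode(base64Bytes);
        // Constructing the stream already unpacks the archive; the allocation happens here
        new Pack200CompressorInputStream(new ByteArrayInputStream(input), Pack200Strategy.TEMP_FILE);
    }
}
{noformat}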
The following exception happens:
{noformat}
Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
    at org.apache.commons.compress.harmony.pack200.Codec.decodeInts(Codec.java:169)
    at org.apache.commons.compress.harmony.pack200.BHSDCodec.decodeInts(BHSDCodec.java:256)
    at org.apache.commons.compress.harmony.unpack200.BandSet.decodeBandInt(BandSet.java:100)
    at org.apache.commons.compress.harmony.unpack200.CpBands.parseCpUtf8(CpBands.java:366)
    at org.apache.commons.compress.harmony.unpack200.CpBands.read(CpBands.java:111)
    at org.apache.commons.compress.harmony.unpack200.Segment.readSegment(Segment.java:351)
    at org.apache.commons.compress.harmony.unpack200.Segment.unpackRead(Segment.java:459)
    at org.apache.commons.compress.harmony.unpack200.Segment.unpack(Segment.java:436)
    at org.apache.commons.compress.harmony.unpack200.Archive.unpack(Archive.java:155)
    at org.apache.commons.compress.harmony.unpack200.Pack200UnpackerAdapter.unpack(Pack200UnpackerAdapter.java:49)
    at org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream.<init>(Pack200CompressorInputStream.java:183)
    at org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream.<init>(Pack200CompressorInputStream.java:77)
    at Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8.main(Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8.java:13)
{noformat}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
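
One way to contain the allocation described in this report, as an added example that is not part of the report or of Commons Compress: run the unpack in a child JVM with a capped heap and a timeout, so an OutOfMemoryError ends only the child process. The class `IsolatedPack200`, its `unpack` method and the limit parameters are hypothetical, and the sketch assumes commons-compress is on the parent's classpath.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.concurrent.TimeUnit;

import org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream;
import org.apache.commons.compress.compressors.pack200.Pack200Strategy;

/** Hypothetical helper (not part of Commons Compress): unpack untrusted Pack200 in a capped child JVM. */
public class IsolatedPack200 {

    /** Child entry point: args[0] = packed input file, args[1] = JAR file to write. */
    public static void main(String[] args) throws IOException {
        try (InputStream raw = Files.newInputStream(Paths.get(args[0]));
             InputStream jar = new Pack200CompressorInputStream(raw, Pack200Strategy.TEMP_FILE)) {
            Files.copy(jar, Paths.get(args[1]), StandardCopyOption.REPLACE_EXISTING);
        }
    }

    /** Parent side: true only if the child exited cleanly within the heap and time limits. */
    public static boolean unpack(Path packed, Path jarOut, int maxHeapMb, long timeoutSec)
            throws IOException, InterruptedException {
        String javaBin = Paths.get(System.getProperty("java.home"), "bin", "java").toString();
        Process child = new ProcessBuilder(
                javaBin,
                "-Xmx" + maxHeapMb + "m",                      // hard heap ceiling for the child only
                "-cp", System.getProperty("java.class.path"),  // assumes commons-compress is on it
                IsolatedPack200.class.getName(),
                packed.toString(), jarOut.toString())
                .inheritIO()                                   // no pipes, so the child cannot block on output
                .start();
        boolean finished = child.waitFor(timeoutSec, TimeUnit.SECONDS);
        if (!finished) {
            child.destroyForcibly().waitFor();                 // runaway decode: kill it
        }
        // An OutOfMemoryError escaping main() ends the child with a non-zero exit status.
        boolean ok = finished && child.exitValue() == 0;
        if (!ok) {
            Files.deleteIfExists(jarOut);                      // never hand a partial JAR to the caller
        }
        return ok;
    }
}
```

The heap cap does not bound the temporary file that `Pack200Strategy.TEMP_FILE` writes, so disk usage of the child needs a separate limit.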
