[
https://issues.apache.org/jira/browse/COMPRESS-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17451931#comment-17451931
]
Dominik Stadler commented on COMPRESS-599:
------------------------------------------
The test-case just came out of the fuzzer "Jazzer" and was just for making it
easy for you to reproduce.
Different stacktraces are possible depending on how much memory your JavaVM has
available and if you limit it via -Xmx. I think I used "1024m". I expect that
multiple large allocations at some point exhaust the available memory here, so
your results will vary slightly depending on JVM details/settings.
> Memory usage in Pack200Compressor cannot be limited
> ---------------------------------------------------
>
> Key: COMPRESS-599
> URL: https://issues.apache.org/jira/browse/COMPRESS-599
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
> Affects Versions: 1.21
> Reporter: Dominik Stadler
> Priority: Major
> Labels: fuzzer, memory
>
> While fuzzing commons-compress, I found the following case where a specific
> input leads to unbounded memory allocation in the Pack200Compressor.
> It seems there is currently no way to limit memory usage of this compressor
> and thus this cannot be avoided if you process untrusted data via
> commons-compress.
> With the following code-snippet:
> {noformat}
> public class Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8 {
> static final String base64Bytes =
> "yv7QDQeW0ABgfwDuwOn8QwIGAAIBAQAAd9zc3Nzc3Nzc3Nzc3Nzc3NxuZXR3YXJl3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3GluZG93cwAAAwMUAxUDZmVzdA0K";
> public static void main(String[] args) throws IOException {
> byte[] input = java.util.Base64.getDecoder().decode(base64Bytes);
> new Pack200CompressorInputStream(new ByteArrayInputStream(input),
> Pack200Strategy.TEMP_FILE);
> }
> } {noformat}
> The following exception happens:
> {noformat}
> Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
> at
> org.apache.commons.compress.harmony.pack200.Codec.decodeInts(Codec.java:169)
> at
> org.apache.commons.compress.harmony.pack200.BHSDCodec.decodeInts(BHSDCodec.java:256)
> at
> org.apache.commons.compress.harmony.unpack200.BandSet.decodeBandInt(BandSet.java:100)
> at
> org.apache.commons.compress.harmony.unpack200.CpBands.parseCpUtf8(CpBands.java:366)
> at
> org.apache.commons.compress.harmony.unpack200.CpBands.read(CpBands.java:111)
> at
> org.apache.commons.compress.harmony.unpack200.Segment.readSegment(Segment.java:351)
> at
> org.apache.commons.compress.harmony.unpack200.Segment.unpackRead(Segment.java:459)
> at
> org.apache.commons.compress.harmony.unpack200.Segment.unpack(Segment.java:436)
> at
> org.apache.commons.compress.harmony.unpack200.Archive.unpack(Archive.java:155)
> at
> org.apache.commons.compress.harmony.unpack200.Pack200UnpackerAdapter.unpack(Pack200UnpackerAdapter.java:49)
> at
> org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream.<init>(Pack200CompressorInputStream.java:183)
> at
> org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream.<init>(Pack200CompressorInputStream.java:77)
> at
> Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8.main(Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8.java:13)
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
