[
https://issues.apache.org/jira/browse/COMPRESS-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17451983#comment-17451983
]
Gary D. Gregory commented on COMPRESS-599:
------------------------------------------
[[email protected]]
Thank you for the clarification.
Would you mind documenting here more precisely how you generated this result?
> Memory usage in Pack200Compressor cannot be limited
> ---------------------------------------------------
>
> Key: COMPRESS-599
> URL: https://issues.apache.org/jira/browse/COMPRESS-599
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
> Affects Versions: 1.21
> Reporter: Dominik Stadler
> Priority: Major
> Labels: fuzzer, memory
>
> While fuzzing commons-compress, I found the following case where a specific
> input leads to unbounded memory allocation in the Pack200Compressor.
> It seems there is currently no way to limit memory usage of this compressor
> and thus this cannot be avoided if you process untrusted data via
> commons-compress.
> With the following code-snippet:
> {noformat}
> public class Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8 {
> static final String base64Bytes =
> "yv7QDQeW0ABgfwDuwOn8QwIGAAIBAQAAd9zc3Nzc3Nzc3Nzc3Nzc3NxuZXR3YXJl3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3GluZG93cwAAAwMUAxUDZmVzdA0K";
> public static void main(String[] args) throws IOException {
> byte[] input = java.util.Base64.getDecoder().decode(base64Bytes);
> new Pack200CompressorInputStream(new ByteArrayInputStream(input),
> Pack200Strategy.TEMP_FILE);
> }
> } {noformat}
> The following exception happens:
> {noformat}
> Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
> at
> org.apache.commons.compress.harmony.pack200.Codec.decodeInts(Codec.java:169)
> at
> org.apache.commons.compress.harmony.pack200.BHSDCodec.decodeInts(BHSDCodec.java:256)
> at
> org.apache.commons.compress.harmony.unpack200.BandSet.decodeBandInt(BandSet.java:100)
> at
> org.apache.commons.compress.harmony.unpack200.CpBands.parseCpUtf8(CpBands.java:366)
> at
> org.apache.commons.compress.harmony.unpack200.CpBands.read(CpBands.java:111)
> at
> org.apache.commons.compress.harmony.unpack200.Segment.readSegment(Segment.java:351)
> at
> org.apache.commons.compress.harmony.unpack200.Segment.unpackRead(Segment.java:459)
> at
> org.apache.commons.compress.harmony.unpack200.Segment.unpack(Segment.java:436)
> at
> org.apache.commons.compress.harmony.unpack200.Archive.unpack(Archive.java:155)
> at
> org.apache.commons.compress.harmony.unpack200.Pack200UnpackerAdapter.unpack(Pack200UnpackerAdapter.java:49)
> at
> org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream.<init>(Pack200CompressorInputStream.java:183)
> at
> org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream.<init>(Pack200CompressorInputStream.java:77)
> at
> Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8.main(Crash_0d5a0130ab3cd32f299b2a27aa76f24a0bbabae8.java:13)
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
