Re: [PR] COMPRESS-632: Adding a check for invalid maxCodeSize [commons-compress]

Fri, 10 Nov 2023 05:48:29 -0800 


garydgregory commented on code in PR #435:
URL: https://github.com/apache/commons-compress/pull/435#discussion_r1389403183


##########
src/test/java/org/apache/commons/compress/compressors/z/ZCompressorInputStreamTest.java:
##########
@@ -68,4 +73,32 @@ public void 
testSingleByteReadConsistentlyReturnsMinusOneAtEof() throws IOExcept
         }
     }
 
+    @Test
+    public void testInvalidMaxCodeSize() throws IOException {
+        Set<Integer> invalidValues = new TreeSet<>();
+        invalidValues.addAll(IntStream.range(Byte.MIN_VALUE, 
-120).boxed().collect(Collectors.toSet()));
+        invalidValues.addAll(IntStream.range(-97, 
-88).boxed().collect(Collectors.toSet()));
+        invalidValues.addAll(IntStream.range(-65, 
-56).boxed().collect(Collectors.toSet()));
+        invalidValues.addAll(IntStream.range(-33, 
-24).boxed().collect(Collectors.toSet()));
+        invalidValues.addAll(IntStream.range(-1, 
8).boxed().collect(Collectors.toSet()));
+        invalidValues.addAll(IntStream.range(31, 
40).boxed().collect(Collectors.toSet()));
+        invalidValues.addAll(IntStream.range(63, 
72).boxed().collect(Collectors.toSet()));
+        invalidValues.addAll(IntStream.range(95, 
104).boxed().collect(Collectors.toSet()));
+        invalidValues.add(127);
+
+        final File input = getFile("bla.tar.Z");
+        try (final InputStream contentStream = 
Files.newInputStream(input.toPath())) {
+            final byte[] content = IOUtils.toByteArray(contentStream);
+
+            for (int value : invalidValues) {
+                content[2] = (byte) value;
+
+                // Test that invalid values always throw an IOException
+                assertThrows(IOException.class, () ->
+                        new ZCompressorInputStream(new 
ByteArrayInputStream(content), 1024 * 1024)
+                );
+            }
+        }

Review Comment:
   Hello @yakovsh 
   Simplify and clarify: You can read the file test fixture's content in one 
call. You can just stream over the IntStreams.
   ```
           final byte[] bytes = 
Files.readAllBytes(AbstractTest.getPath("bla.tar.Z"));
   
           // @formatter:off
           final IntStream[] invalid = {
               IntStream.range(Byte.MIN_VALUE, -120),
               IntStream.range(-97, -88),
               IntStream.range(-65, -56),
               IntStream.range(-33, -24),
               IntStream.range(-1, 8),
               IntStream.range(31, 40),
               IntStream.range(63, 72),
               IntStream.range(95, 104),
               IntStream.range(127, 127)
               };
           // @formatter:on
   
           Stream.of(invalid).forEach(ints -> ints.forEach(i -> {
               bytes[2] = (byte) i;
               assertThrows(IllegalArgumentException.class, () -> new 
ZCompressorInputStream(new ByteArrayInputStream(bytes), 1024 * 1024),
                       () -> "value=" + i);
           }));
   ```
   Also, the exception should be thrown in the initializeTables method where 
the check is already performed and can be expanded:
   ```
   diff --git 
a/src/main/java/org/apache/commons/compress/compressors/lzw/LZWInputStream.java 
b/src/main/java/org/apache/commons/compress/compressors/lzw/LZWInputStream.java
   index cad2a2b..cf5433f 100644
   --- 
a/src/main/java/org/apache/commons/compress/compressors/lzw/LZWInputStream.java
   +++ 
b/src/main/java/org/apache/commons/compress/compressors/lzw/LZWInputStream.java
   @@ -164,13 +164,15 @@
    
        /**
         * Initializes the arrays based on the maximum code size.
   +     *
         * @param maxCodeSize maximum code size
   -     * @throws IllegalArgumentException if {@code maxCodeSize} is not 
bigger than 0
   +     * @throws IllegalArgumentException if {@code maxCodeSize} is out of 
bounds for {@code prefixes} and {@code characters}.
         */
        protected void initializeTables(final int maxCodeSize) {
   -        if (maxCodeSize <= 0) {
   -            throw new IllegalArgumentException("maxCodeSize is " + 
maxCodeSize
   -                + ", must be bigger than 0");
   +        // maxCodeSize shifted cannot be less than 256, otherwise the loop 
in initializeTables() will throw an ArrayIndexOutOfBoundsException
   +        // maxCodeSize cannot be smaller than getCodeSize(), otherwise 
addEntry() will throw an ArrayIndexOutOfBoundsException
   +        if ((1 << maxCodeSize) < 256 || getCodeSize() > maxCodeSize) {
   +            throw new IllegalArgumentException("maxCodeSize is " + 
maxCodeSize + ", must be bigger than 0");
            }
            final int maxTableSize = 1 << maxCodeSize;
            prefixes = new int[maxTableSize];
   ```
   See git master. You are credited in `changes.xml` and the commit comment.
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to