ppkarwasz opened a new pull request, #728:
URL: https://github.com/apache/commons-compress/pull/728
> [!WARNING]
> This PR is based on #723 and is submitted as **draft**, while we discuss
the other one.
Today `ArjArchiveInputStream` keeps scanning past invalid headers, assuming
self-extracting stubs. That can hide corruption.
This PR:
* Introduces a `selfExtracting` ARJ archive option (default **false**).
* **false:** no scanning; parse strictly from the first byte. Any
invalid/truncated header fails fast.
* **true:** scan only to locate the Main Archive Header (AMH), then switch
to **strict mode**. All subsequent headers must be contiguous and valid.
**Behavioral change**
Previously, we might “skip over” bad data. Now we **only** allow a discovery
scan for AMH (when opted in); everything after must validate or fail.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
