Philip Betzler-Braun created COMPRESS-712:
---------------------------------------------
Summary: unsanitized read causes IndexOutOfBoundsException in
DumpArchiveInputStream.java:359
Key: COMPRESS-712
URL: https://issues.apache.org/jira/browse/COMPRESS-712
Project: Commons Compress
Issue Type: Bug
Components: Archivers
Environment: Ubuntu 24.04
$ java --version
openjdk 21.0.8 2025-07-15
OpenJDK Runtime Environment (build 21.0.8+9-Ubuntu-0ubuntu124.04.1)
OpenJDK 64-Bit Server VM (build 21.0.8+9-Ubuntu-0ubuntu124.04.1, mixed mode,
sharing)
Reporter: Philip Betzler-Braun
Attachments: IndexOutOfBoundsReproducerInDumpArchiveInputStream.java
*Issue:*
When reading in unsanitized data in the readDirectoryEntry(DumpArchiveEntry
entry)
(org/apache/commons/compress/archivers/dump/DumpArchiveInputStream.java:514)
the call to DumpArchiveUtil.convert32(blockBuffer, i)
(DumpArchiveInputStream.java:542) can return negative numbers that are stored
down the line as int inos in the "name" HashMap.
When trying to get the path of the DumpArchiveEntry
(DumpArchiveInputStream.getPath(DumpArchiveInputStream.java:359)) the "names"
HashMap is used as a filter before querying the visited inos. The visited inos
are stored in a BitSet. If the DumpArchiveEntry or a parent directory contains
a negative number that was also saved earlier in the "name" HashMap, the get
(java.base/java.util.BitSet.get(BitSet.java:626)) function throws a
java.lang.IndexOutOfBoundsException.
*Suggestion:*
# Catch negative ino numbers in a wrapper function around
DumpArchiveUtil.convert32 and throw an expected error.
# Catch all internal (runtime) exceptions and throw a general expected
exception.
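As an added illustration of the first suggestion (this is example code written for this note, not code from Commons Compress), the sketch below reproduces the failure mode with a constructed byte array and shows a validating wrapper in front of the 32-bit read. The `convert32` here is a local little-endian replica so the file compiles without the library; `InvalidInoException` is a hypothetical checked exception standing in for whatever "expected" exception the project would choose (for instance its own DumpArchiveException).

```java
import java.util.BitSet;
import java.util.HashMap;
import java.util.Map;

/**
 * Hypothetical hardening sketch (not project code): read a 32-bit
 * little-endian inode number and reject values that can never be a valid
 * ino before they reach the "names" map or the visited BitSet.
 */
public final class SafeInoReader {

    /** Hypothetical checked exception; the project would use its own type. */
    public static final class InvalidInoException extends Exception {
        public InvalidInoException(String msg) { super(msg); }
    }

    /**
     * Local replica of a little-endian 32-bit read, so this example builds
     * without commons-compress. The result is a signed int, so any field with
     * the high bit set comes back negative; that is the root of the report.
     */
    static int convert32(byte[] buffer, int offset) {
        return (buffer[offset] & 0xFF)
             | (buffer[offset + 1] & 0xFF) << 8
             | (buffer[offset + 2] & 0xFF) << 16
             | (buffer[offset + 3] & 0xFF) << 24;
    }

    /**
     * Wrapper as suggested in the report: validate the ino and throw an
     * expected exception instead of letting BitSet throw a RuntimeException.
     */
    static int readIno(byte[] buffer, int offset) throws InvalidInoException {
        if (offset < 0 || offset + 4 > buffer.length) {
            throw new InvalidInoException("ino field at offset " + offset
                + " runs past the end of the buffer");
        }
        int ino = convert32(buffer, offset);
        if (ino < 0) {
            // As an unsigned value this is >= 2^31, which BitSet.get/set
            // cannot index; reject it with a descriptive, checked error.
            throw new InvalidInoException("invalid (negative) ino " + ino
                + " (unsigned " + Integer.toUnsignedLong(ino) + ") at offset " + offset);
        }
        return ino;
    }

    public static void main(String[] args) {
        // Constructed directory-entry bytes: ino 42, then ino 0x80000001
        // (high bit set), mimicking unsanitized input.
        byte[] entry = {
            0x2A, 0x00, 0x00, 0x00,
            0x01, 0x00, 0x00, (byte) 0x80
        };
        Map<Integer, String> names = new HashMap<>();
        BitSet visited = new BitSet();

        // Unchecked path: the raw conversion yields a negative int and
        // BitSet.get throws IndexOutOfBoundsException, as in the report.
        int raw = convert32(entry, 4);
        try {
            visited.get(raw);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("unchecked path: " + e);
        }

        // Hardened path: the wrapper rejects the same bytes up front.
        for (int off = 0; off < entry.length; off += 4) {
            try {
                int ino = readIno(entry, off);
                names.put(ino, "entry-" + ino);
                visited.set(ino);
                System.out.println("accepted ino " + ino);
            } catch (InvalidInoException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Running the class prints the IndexOutOfBoundsException from the unchecked path, then "accepted ino 42" followed by a rejection for the second field. The second suggestion in the report (catching remaining runtime exceptions at the stream boundary and rethrowing a general expected exception) would sit one layer up, around the entry-reading loop, and is not shown here.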
*Reproducer:*
(attached as file -> expected position:
src/test/java/org/apache/commons/compress/archivers/IndexOutOfBoundsReproducerInDumpArchiveInputStream.java)
*[^IndexOutOfBoundsReproducerInDumpArchiveInputStream.java]*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)