Philip Betzler-Braun created COMPRESS-713:
---------------------------------------------
Summary: Unchecked pre-decremental notation in for-loop as array
index causes ArrayOutOfBounds access
Key: COMPRESS-713
URL: https://issues.apache.org/jira/browse/COMPRESS-713
Project: Commons Compress
Issue Type: Bug
Components: Compressors
Environment: Ubuntu 24.04
$ java --version
openjdk 21.0.8 2025-07-15
OpenJDK Runtime Environment (build 21.0.8+9-Ubuntu-0ubuntu124.04.1)
OpenJDK 64-Bit Server VM (build 21.0.8+9-Ubuntu-0ubuntu124.04.1, mixed mode,
sharing)
Reporter: Philip Betzler-Braun
Attachments: ArrayOutOfBoundsZipInArchiveInputStreamReproducer.java
*Issue:*
LZWInputStream
(org.apache.commons.compress.compressors.lzw.LZWInputStream.expandCodeToOutputStack(LZWInputStream.java:150))
contains a byte array outputStack with the size 8192 and an int
outputStackLocation that is used to find the position to write to in the stack.
In the function expandCodeToOutputStack (LZWInputStream.java:150) there is a
C-style pre-decremental statement that is executed in a for-loop and never
checks what it's value is and if the loop goes on for more then 8192
iterations, it causes an ArrayOutOfBounds access to the outputStack byte array.
Begin: LZWInputStream.java:149
{code:java}
for (int entry = code; entry >= 0; entry = prefixes[entry]) {
outputStack[--outputStackLocation] = characters[entry];
} {code}
*Suggestion:*
* Catch the ArrayOutOfBounds exception and throw a library specific exception.
*Reproduction:*
(reprocuder in attached file -> intended location is:
src/test/java/org/apache/commons/compress/archivers/zip/ArrayOutOfBoundsZipInArchiveInputStreamReproducer.java)
[^ArrayOutOfBoundsZipInArchiveInputStreamReproducer.java]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
