[
https://issues.apache.org/jira/browse/COMPRESS-355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291466#comment-15291466
]
Jeremy Gustie commented on COMPRESS-355:
----------------------------------------
I can confirm the fix
[here|https://github.com/apache/commons-compress/compare/master...blackducksoftware:bug/COMPRESS-355-negative-array-size]
works (alas, no tests).
> Parsing PAX headers fails with NegativeArraySizeException
> ---------------------------------------------------------
>
> Key: COMPRESS-355
> URL: https://issues.apache.org/jira/browse/COMPRESS-355
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Affects Versions: 1.11
> Reporter: Jeremy Gustie
>
> The {{TarArchiveInputStream.parsePaxHeaders}} method fails with a
> {{NegativeArraySizeException}} when there is an empty line at the end of the
> headers.
> The inner loop starts reading the length, but it gets a newline (10) and ends
> up subtracting '0' (48) from it; the result is a negative length that blows
> up an attempt to allocate the {{rest}} array.
> I would say that a check to see if {{ch}} is less the '0' and break the loop
> if it is.
> I used {{npm pack [email protected]}} to generate a tarball with this issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
