[
https://issues.apache.org/jira/browse/COMPRESS-363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
fredwang_00 updated COMPRESS-363:
---------------------------------
Description:
in Class BitInputStream.java(\src\main\java\org\apache\commons\compress\utils),
funcion:
public long readBits(final int count) throws IOException {
if (count < 0 || count > MAXIMUM_CACHE_SIZE) {
throw new IllegalArgumentException("count must not be negative or
greater than " + MAXIMUM_CACHE_SIZE);
}
while (bitsCachedSize < count) {
final long nextByte = in.read();
if (nextByte < 0) {
return nextByte;
}
if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
bitsCached |= (nextByte << bitsCachedSize);
} else {
bitsCached <<= 8;
bitsCached |= nextByte;
}
bitsCachedSize += 8;
}
final long bitsOut;
if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
bitsOut = (bitsCached & MASKS[count]);
bitsCached >>>= count;
} else {
bitsOut = (bitsCached >> (bitsCachedSize - count)) & MASKS[count];
}
bitsCachedSize -= count;
return bitsOut;
}
I think here "bitsCached |= (nextByte << bitsCachedSize);" will overflow in
some cases. for example, below is a test case:
public static void test() {
ByteArrayInputStream in = new ByteArrayInputStream(new byte[]{87, 45,
66, 15,
90, 29,
88, 61, 33, 74});
BitInputStream bin = new BitInputStream(in, ByteOrder.LITTLE_ENDIAN);
try {
long ret = bin.readBits(5);
ret = bin.readBits(63);
ret = bin.readBits(12);
} catch (Exception e) {
e.printStackTrace();
}
}
overflow occur in "bin.readBits(63);" , so ,result in wrong result from
"bin.readBits(12);"
was:
in Class BitInputStream.java(\src\main\java\org\apache\commons\compress\utils),
funcion:
public long readBits(final int count) throws IOException {
if (count < 0 || count > MAXIMUM_CACHE_SIZE) {
throw new IllegalArgumentException("count must not be negative or
greater than " + MAXIMUM_CACHE_SIZE);
}
while (bitsCachedSize < count) {
final long nextByte = in.read();
if (nextByte < 0) {
return nextByte;
}
if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
bitsCached |= (nextByte << bitsCachedSize);
} else {
bitsCached <<= 8;
bitsCached |= nextByte;
}
bitsCachedSize += 8;
}
final long bitsOut;
if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
bitsOut = (bitsCached & MASKS[count]);
bitsCached >>>= count;
} else {
bitsOut = (bitsCached >> (bitsCachedSize - count)) & MASKS[count];
}
bitsCachedSize -= count;
return bitsOut;
}
I think here "bitsCached |= (nextByte << bitsCachedSize);" will overflow in
some cases. for example, below is a test case:
public static void test() {
ByteArrayInputStream in = new ByteArrayInputStream(new byte[]{87, 45,
66, 15,
90, 29,
88, 61, 33, 74});
BitInputStream bin = new BitInputStream(in, ByteOrder.LITTLE_ENDIAN);
try {
long ret = bin.readBits(5);
ret = bin.readBits(63);
ret = bin.readBits(12);
} catch (Exception e) {
e.printStackTrace();
}
}
overflow occur in "bin.readBits(63);" , so ,result in wrong result from
"bin.readBits(12);"
> Overflow in BitInputStream
> --------------------------
>
> Key: COMPRESS-363
> URL: https://issues.apache.org/jira/browse/COMPRESS-363
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
> Affects Versions: 1.12
> Reporter: fredwang_00
>
> in Class
> BitInputStream.java(\src\main\java\org\apache\commons\compress\utils),
> funcion:
> public long readBits(final int count) throws IOException {
> if (count < 0 || count > MAXIMUM_CACHE_SIZE) {
> throw new IllegalArgumentException("count must not be negative or
> greater than " + MAXIMUM_CACHE_SIZE);
> }
> while (bitsCachedSize < count) {
> final long nextByte = in.read();
> if (nextByte < 0) {
> return nextByte;
> }
> if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
> bitsCached |= (nextByte << bitsCachedSize);
> } else {
> bitsCached <<= 8;
> bitsCached |= nextByte;
> }
> bitsCachedSize += 8;
> }
> final long bitsOut;
> if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
> bitsOut = (bitsCached & MASKS[count]);
> bitsCached >>>= count;
> } else {
> bitsOut = (bitsCached >> (bitsCachedSize - count)) & MASKS[count];
> }
> bitsCachedSize -= count;
> return bitsOut;
> }
> I think here "bitsCached |= (nextByte << bitsCachedSize);" will overflow in
> some cases. for example, below is a test case:
> public static void test() {
> ByteArrayInputStream in = new ByteArrayInputStream(new byte[]{87, 45,
> 66, 15,
> 90, 29,
> 88, 61, 33, 74});
> BitInputStream bin = new BitInputStream(in, ByteOrder.LITTLE_ENDIAN);
> try {
> long ret = bin.readBits(5);
> ret = bin.readBits(63);
> ret = bin.readBits(12);
> } catch (Exception e) {
> e.printStackTrace();
> }
> }
> overflow occur in "bin.readBits(63);" , so ,result in wrong result from
> "bin.readBits(12);"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
