Rohan Padhye created COMPRESS-424:
-------------------------------------
Summary: [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when
decompressing malformed input
Key: COMPRESS-424
URL: https://issues.apache.org/jira/browse/COMPRESS-424
Project: Commons Compress
Issue Type: Bug
Components: Compressors
Affects Versions: 1.15, 1.14
Reporter: Rohan Padhye
Priority: Minor
Encountered multiple unchecked exceptions thrown from
{{BZip2CompressorInputStream.<init>}} when parsing malformed files.
{{ArrayIndexOutOfBoundsException}} is an unchecked exception that is not
documented in this API; therefore, such exceptions can cause stability issues
in applications that are not expecting them. Instead, an {{IOException}} should
be thrown indicating that the input stream contains malformed data.
Stack traces for three distinct (but possibly related) sources of exceptions
follow:
{noformat}
java.lang.ArrayIndexOutOfBoundsException: 65536
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.hbCreateDecodeTables(BZip2CompressorInputStream.java:422)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.createHuffmanDecodingTables(BZip2CompressorInputStream.java:546)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:518)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
{noformat}
{noformat}
java.lang.ArrayIndexOutOfBoundsException: 6
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:493)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
{noformat}
{noformat}
java.lang.ArrayIndexOutOfBoundsException: 18002
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:605)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
at
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
{noformat}
The inputs were found by mutating random bytes in a simple well-formed file (a
compressed string of zeros).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
