akelday commented on pull request #120: URL: https://github.com/apache/commons-compress/pull/120#issuecomment-669553548
> avoid the entry allocation completely before we are sure the header is not corrupted Probably not possible with the current code... **tryToLocateEndHeader** is the real cause because it does no CRC check and cannot, because by definition it's already a corrupt file. I have crafted a 233 byte malformed 7z which would attempt to allocate 268,435,455 files but I'm not certain it's wise to post it here. This is in some way related to my own problems with a very large 7z because the "kName" section allocates an enormous buffer for filenames (fixable by streaming the bytes instead). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
