ZipFile.java

bodewig Fri, 05 Aug 2011 00:34:00 -0700

Author: bodewig
Date: Fri Aug  5 07:33:25 2011
New Revision: 1154107

URL: http://svn.apache.org/viewvc?rev=1154107&view=rev
Log:
there is an off-by-one error in the loop that searches for the 'end of central 
directory record'


Modified:
    ant/core/trunk/WHATSNEW
    ant/core/trunk/src/main/org/apache/tools/zip/ZipFile.java   (contents, 
props changed)

Modified: ant/core/trunk/WHATSNEW
URL: 
http://svn.apache.org/viewvc/ant/core/trunk/WHATSNEW?rev=1154107&r1=1154106&r2=1154107&view=diff
==============================================================================
--- ant/core/trunk/WHATSNEW (original)
+++ ant/core/trunk/WHATSNEW Fri Aug  5 07:33:25 2011
@@ -78,6 +78,10 @@ Fixed bugs:
    that was invoked by multiple targets from the command line.
    Bugzilla Report 50894.
 
+ * The ZipFile class could read past the start of the file if the
+   given file is not a ZIP archive and it is smaller than the size of
+   a ZIP "end of central directory record".
+
 Other changes:
 --------------
 

Modified: ant/core/trunk/src/main/org/apache/tools/zip/ZipFile.java
URL: 
http://svn.apache.org/viewvc/ant/core/trunk/src/main/org/apache/tools/zip/ZipFile.java?rev=1154107&r1=1154106&r2=1154107&view=diff
==============================================================================
--- ant/core/trunk/src/main/org/apache/tools/zip/ZipFile.java (original)
+++ ant/core/trunk/src/main/org/apache/tools/zip/ZipFile.java Fri Aug  5 
07:33:25 2011
@@ -451,12 +451,16 @@ public class ZipFile {
         throws IOException {
         boolean found = false;
         long off = archive.length() - MIN_EOCD_SIZE;
-        long stopSearching = Math.max(0L, archive.length() - MAX_EOCD_SIZE);
+        final long stopSearching =
+            Math.max(0L, archive.length() - MAX_EOCD_SIZE);
         if (off >= 0) {
-            archive.seek(off);
-            byte[] sig = ZipOutputStream.EOCD_SIG;
-            int curr = archive.read();
-            while (off >= stopSearching && curr != -1) {
+            final byte[] sig = ZipOutputStream.EOCD_SIG;
+            for (; off >= stopSearching; off--) {
+                archive.seek(off);
+                int curr = archive.read();
+                if (curr == -1) {
+                    break;
+                }
                 if (curr == sig[POS_0]) {
                     curr = archive.read();
                     if (curr == sig[POS_1]) {
@@ -470,8 +474,6 @@ public class ZipFile {
                         }
                     }
                 }
-                archive.seek(--off);
-                curr = archive.read();
             }
         }
         if (!found) {

Propchange: ant/core/trunk/src/main/org/apache/tools/zip/ZipFile.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Aug  5 07:33:25 2011
@@ -1,2 +1,2 @@
-/commons/proper/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java:911740,1146027
+/commons/proper/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java:911740,1146027,1153735
 
/commons/sandbox/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java:745920,746933,748133,748556,749342-749344,749524,749603,749855,749859

svn commit: r1154107 - in /ant/core/trunk: WHATSNEW src/main/org/apache/tools/zip/ZipFile.java

Reply via email to