[commons-compress] 02/02: JDK's ZipEntry#setExtra parses a few extra fields itself ...

[bodewig]

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git

commit 51265b23722d9ce2262d68979ce7dbb79b94f430
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sat May 1 18:31:34 2021 +0200

    JDK's ZipEntry#setExtra parses a few extra fields itself ...
    
    ... and may throw RuntimeExceptions every now and then
---
 .../commons/compress/archivers/zip/ZipArchiveInputStream.java     | 8 +++++++-
 .../java/org/apache/commons/compress/archivers/zip/ZipFile.java   | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git 
a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
 
b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
index 2652294..af3d45f 100644
--- 
a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
+++ 
b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
@@ -348,7 +348,13 @@ public class ZipArchiveInputStream extends 
ArchiveInputStream implements InputSt
 
         final byte[] extraData = new byte[extraLen];
         readFully(extraData);
-        current.entry.setExtra(extraData);
+        try {
+            current.entry.setExtra(extraData);
+        } catch (RuntimeException ex) {
+            final ZipException z = new ZipException("Invalid extra data in 
entry " + current.entry.getName());
+            z.initCause(ex);
+            throw z;
+        }
 
         if (!hasUTF8Flag && useUnicodeExtraFields) {
             ZipUtil.setNameAndCommentFromExtraFields(current.entry, fileName, 
null);
diff --git 
a/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java 
b/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
index d3dd565..17f340b 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
@@ -1262,7 +1262,13 @@ public class ZipFile implements Closeable {
             skipBytes(fileNameLen);
             final byte[] localExtraData = new byte[extraFieldLen];
             IOUtils.readFully(archive, ByteBuffer.wrap(localExtraData));
-            ze.setExtra(localExtraData);
+            try {
+                ze.setExtra(localExtraData);
+            } catch (RuntimeException ex) {
+                final ZipException z = new ZipException("Invalid extra data in 
entry " + ze.getName());
+                z.initCause(ex);
+                throw z;
+            }
 
             if (entriesWithoutUTF8Flag.containsKey(ze)) {
                 final NameAndComment nc = entriesWithoutUTF8Flag.get(ze);