This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new 0aba8b8 COMPRESS-542 and some final sanity checks 0aba8b8 is described below commit 0aba8b8fd8053ae323f15d736d1762b2161c76a6 Author: Stefan Bodewig <stefan.bode...@innoq.com> AuthorDate: Sun May 16 11:00:49 2021 +0200 COMPRESS-542 and some final sanity checks --- .../apache/commons/compress/archivers/sevenz/SevenZFile.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java index a08c02a..2d7bb77 100644 --- a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java +++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java @@ -41,6 +41,7 @@ import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.stream.Collectors; import java.util.zip.CRC32; import org.apache.commons.compress.utils.BoundedInputStream; @@ -936,7 +937,10 @@ public class SevenZFile implements Closeable { for (int i = 0; i < stats.numberOfFolders; i++) { numUnpackSubStreamsPerFolder.add(assertFitsIntoNonNegativeInt("numStreams", readUint64(header))); } + stats.numberOfUnpackSubStreams = numUnpackSubStreamsPerFolder.stream().collect(Collectors.summingLong(Integer::longValue)); nid = getUnsignedByte(header); + } else { + stats.numberOfUnpackSubStreams = stats.numberOfFolders; } if (nid == NID.kSize) { @@ -952,7 +956,6 @@ public class SevenZFile implements Closeable { } sum += size; } - // TODO sum < folder.unpackSize } nid = getUnsignedByte(header); } @@ -1022,6 +1025,9 @@ public class SevenZFile implements Closeable { sum += size; } } + if (sum > folder.getUnpackSize()) { + throw new IOException("sum of unpack sizes of folder exceeds total unpack size"); + } subStreamsInfo.unpackSizes[nextUnpackStream++] = folder.getUnpackSize() - sum; } if (nid == NID.kSize) { @@ -2121,6 +2127,7 @@ public class SevenZFile implements Closeable { private long numberOfCoders; private long numberOfOutStreams; private long numberOfInStreams; + private long numberOfUnpackSubStreams; private int numberOfFolders; private BitSet folderHasCrc; private int numberOfEntries; @@ -2150,6 +2157,9 @@ public class SevenZFile implements Closeable { if (numberOfEntriesWithStream > 0 && numberOfFolders == 0) { throw new IOException("archive with entries but no folders"); } + if (numberOfEntriesWithStream > numberOfUnpackSubStreams) { + throw new IOException("archive doesn't contain enough substreams for entries"); + } } private long folderSize() {