This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new d15c285 COMPRESS-567 more uncaught runtime exceptions d15c285 is described below commit d15c285941351958a902265aeacdc151fa98c127 Author: Stefan Bodewig <stefan.bode...@innoq.com> AuthorDate: Tue May 18 21:29:20 2021 +0200 COMPRESS-567 more uncaught runtime exceptions Credit to OSS-Fuzz
---
 .../compress/archivers/tar/TarArchiveEntry.java | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
index e49e180..bdb3058 100644
--- a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
+++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
@@ -1392,16 +1392,28 @@ public class TarArchiveEntry implements ArchiveEntry, TarConstants, EntryStreamO
 setUserName(val);
 break;
 case "size":
- setSize(Long.parseLong(val));
+ final long size = Long.parseLong(val);
+ if (size < 0) {
+ throw new IOException("Corrupted TAR archive. Entry size is negative");
+ }
+ setSize(size);
 break;
 case "mtime":
 setModTime((long) (Double.parseDouble(val) * 1000));
 break;
 case "SCHILY.devminor":
- setDevMinor(Integer.parseInt(val));
+ final int devMinor = Integer.parseInt(val);
+ if (devMinor < 0) {
+ throw new IOException("Corrupted TAR archive. Dev-Minor is negative");
+ }
+ setDevMinor(devMinor);
 break;
 case "SCHILY.devmajor":
- setDevMajor(Integer.parseInt(val));
+ final int devMajor = Integer.parseInt(val);
+ if (devMajor < 0) {
+ throw new IOException("Corrupted TAR archive. Dev-Major is negative");
+ }
+ setDevMajor(devMajor);
 break;
 case "GNU.sparse.size":
 fillGNUSparse0xData(headers);
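Review bot: The new negative-value checks in the `size`, `SCHILY.devminor` and `SCHILY.devmajor` cases run only after `Long.parseLong(val)` / `Integer.parseInt(val)` has succeeded. A non-numeric or out-of-range PAX value from an untrusted archive therefore still surfaces as an unchecked `NumberFormatException` rather than the `IOException` used for the negative case, unless a caller outside this hunk converts it. Each parse could be wrapped the same way, e.g. `try { size = Long.parseLong(val); } catch (NumberFormatException e) { throw new IOException("Corrupted TAR archive. Entry size is not a number", e); }`, ideally through one private helper shared by the three cases so the messages stay consistent. The unchanged `mtime` line has the same exposure through `Double.parseDouble(val)`, and its `(long)` cast quietly maps NaN to 0 and saturates very large values, which deserves at least a comment. The enclosing switch and method begin and end outside the hunk, so whether the method already declares or translates these exceptions cannot be confirmed from here.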