[commons-compress] branch master updated: handle cases where more data attempted to be read than exists

Sat, 22 May 2021 11:13:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new 8289193  handle cases where more data attempted to be read than exists
8289193 is described below

commit 82891935174bd58b77c44fdea40580a1717a480b
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sat May 22 20:12:28 2021 +0200

    handle cases where more data attempted to be read than exists
    
    Credit to OSS-Fuzz
---
 .../commons/compress/archivers/sevenz/SevenZFile.java      | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git 
a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java 
b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
index 87aa52a..1a1b029 100644
--- a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
@@ -21,10 +21,12 @@ import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.Closeable;
 import java.io.DataInputStream;
+import java.io.EOFException;
 import java.io.File;
 import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
 import java.nio.CharBuffer;
@@ -493,7 +495,9 @@ public class SevenZFile implements Closeable {
             pos--;
             channel.position(pos);
             nidBuf.rewind();
-            channel.read(nidBuf);
+            if (channel.read(nidBuf) < 1) {
+                throw new EOFException();
+            }
             final int nid = nidBuf.array()[0];
             // First indicator: Byte equals one of these header identifiers
             if (nid == NID.kEncodedHeader || nid == NID.kHeader) {
@@ -2026,8 +2030,12 @@ public class SevenZFile implements Closeable {
         return value;
     }
 
-    private static int getUnsignedByte(final ByteBuffer buf) {
-        return buf.get() & 0xff;
+    private static int getUnsignedByte(final ByteBuffer buf) throws 
IOException {
+        try {
+            return buf.get() & 0xff;
+        } catch (BufferUnderflowException ex) {
+            throw new IOException(ex);
+        }
     }
 
     /**

Reply via email to