This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new 8289193 handle cases where more data attempted to be read than exists 8289193 is described below commit 82891935174bd58b77c44fdea40580a1717a480b Author: Stefan Bodewig <bode...@apache.org> AuthorDate: Sat May 22 20:12:28 2021 +0200 handle cases where more data attempted to be read than exists Credit to OSS-Fuzz --- .../commons/compress/archivers/sevenz/SevenZFile.java | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java index 87aa52a..1a1b029 100644 --- a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java +++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java @@ -21,10 +21,12 @@ import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; import java.io.Closeable; import java.io.DataInputStream; +import java.io.EOFException; import java.io.File; import java.io.FilterInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.BufferUnderflowException; import java.nio.ByteBuffer; import java.nio.ByteOrder; import java.nio.CharBuffer; @@ -493,7 +495,9 @@ public class SevenZFile implements Closeable { pos--; channel.position(pos); nidBuf.rewind(); - channel.read(nidBuf); + if (channel.read(nidBuf) < 1) { + throw new EOFException(); + } final int nid = nidBuf.array()[0]; // First indicator: Byte equals one of these header identifiers if (nid == NID.kEncodedHeader || nid == NID.kHeader) { @@ -2026,8 +2030,12 @@ public class SevenZFile implements Closeable { return value; } - private static int getUnsignedByte(final ByteBuffer buf) { - return buf.get() & 0xff; + private static int getUnsignedByte(final ByteBuffer buf) throws IOException { + try { + return buf.get() & 0xff; + } catch (BufferUnderflowException ex) { + throw new IOException(ex); + } } /**