This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new cf4608b more stongly guard what is supposed to become an array size cf4608b is described below commit cf4608bc5752c066d6902d7eb075f6c6da57c397 Author: Stefan Bodewig <bode...@apache.org> AuthorDate: Sat May 1 18:46:09 2021 +0200 more stongly guard what is supposed to become an array size --- .../compress/archivers/sevenz/SevenZFile.java | 35 +++++++++++----------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java index dcdb5e3..2f24547 100644 --- a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java +++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java @@ -515,7 +515,7 @@ public class SevenZFile implements Closeable { } private Archive initializeArchive(final StartHeader startHeader, final byte[] password, final boolean verifyCrc) throws IOException { - assertFitsIntoInt("nextHeaderSize", startHeader.nextHeaderSize); + assertFitsIntoNonNegativeInt("nextHeaderSize", startHeader.nextHeaderSize); final int nextHeaderSizeInt = (int) startHeader.nextHeaderSize; channel.position(SIGNATURE_HEADER_SIZE + startHeader.nextHeaderOffset); ByteBuffer buf = ByteBuffer.allocate(nextHeaderSizeInt).order(ByteOrder.LITTLE_ENDIAN); @@ -589,7 +589,7 @@ public class SevenZFile implements Closeable { int nid = getUnsignedByte(input); while (nid != NID.kEnd) { final long propertySize = readUint64(input); - assertFitsIntoInt("propertySize", propertySize); + assertFitsIntoNonNegativeInt("propertySize", propertySize); final byte[] property = new byte[(int)propertySize]; input.get(property); nid = getUnsignedByte(input); @@ -620,7 +620,7 @@ public class SevenZFile implements Closeable { inputStreamStack = new CRC32VerifyingInputStream(inputStreamStack, folder.getUnpackSize(), folder.crc); } - assertFitsIntoInt("unpackSize", folder.getUnpackSize()); + assertFitsIntoNonNegativeInt("unpackSize", folder.getUnpackSize()); final byte[] nextHeader = new byte[(int)folder.getUnpackSize()]; try (DataInputStream nextHeaderInputStream = new DataInputStream(inputStreamStack)) { nextHeaderInputStream.readFully(nextHeader); @@ -657,7 +657,7 @@ public class SevenZFile implements Closeable { private void readPackInfo(final ByteBuffer header, final Archive archive) throws IOException { archive.packPos = readUint64(header); final long numPackStreams = readUint64(header); - assertFitsIntoInt("numPackStreams", numPackStreams); + assertFitsIntoNonNegativeInt("numPackStreams", numPackStreams); final int numPackStreamsInt = (int) numPackStreams; int nid = getUnsignedByte(header); if (nid == NID.kSize) { @@ -691,7 +691,7 @@ public class SevenZFile implements Closeable { throw new IOException("Expected kFolder, got " + nid); } final long numFolders = readUint64(header); - assertFitsIntoInt("numFolders", numFolders); + assertFitsIntoNonNegativeInt("numFolders", numFolders); final int numFoldersInt = (int) numFolders; final Folder[] folders = new Folder[numFoldersInt]; archive.folders = folders; @@ -708,7 +708,7 @@ public class SevenZFile implements Closeable { throw new IOException("Expected kCodersUnpackSize, got " + nid); } for (final Folder folder : folders) { - assertFitsIntoInt("totalOutputStreams", folder.totalOutputStreams); + assertFitsIntoNonNegativeInt("totalOutputStreams", folder.totalOutputStreams); folder.unpackSizes = new long[(int)folder.totalOutputStreams]; for (int i = 0; i < folder.totalOutputStreams; i++) { folder.unpackSizes[i] = readUint64(header); @@ -746,7 +746,7 @@ public class SevenZFile implements Closeable { totalUnpackStreams = 0; for (final Folder folder : archive.folders) { final long numStreams = readUint64(header); - assertFitsIntoInt("numStreams", numStreams); + assertFitsIntoNonNegativeInt("numStreams", numStreams); folder.numUnpackSubStreams = (int)numStreams; totalUnpackStreams += numStreams; } @@ -785,6 +785,7 @@ public class SevenZFile implements Closeable { } if (nid == NID.kCRC) { + assertFitsIntoNonNegativeInt("numDigests", numDigests); final BitSet hasMissingCrc = readAllOrBits(header, numDigests); final long[] missingCrcs = new long[numDigests]; for (int i = 0; i < numDigests; i++) { @@ -823,7 +824,7 @@ public class SevenZFile implements Closeable { final Folder folder = new Folder(); final long numCoders = readUint64(header); - assertFitsIntoInt("numCoders", numCoders); + assertFitsIntoNonNegativeInt("numCoders", numCoders); final Coder[] coders = new Coder[(int)numCoders]; long totalInStreams = 0; long totalOutStreams = 0; @@ -848,7 +849,7 @@ public class SevenZFile implements Closeable { totalOutStreams += coders[i].numOutStreams; if (hasAttributes) { final long propertiesSize = readUint64(header); - assertFitsIntoInt("propertiesSize", propertiesSize); + assertFitsIntoNonNegativeInt("propertiesSize", propertiesSize); coders[i].properties = new byte[(int)propertiesSize]; header.get(coders[i].properties); } @@ -859,16 +860,16 @@ public class SevenZFile implements Closeable { } } folder.coders = coders; - assertFitsIntoInt("totalInStreams", totalInStreams); + assertFitsIntoNonNegativeInt("totalInStreams", totalInStreams); folder.totalInputStreams = totalInStreams; - assertFitsIntoInt("totalOutStreams", totalOutStreams); + assertFitsIntoNonNegativeInt("totalOutStreams", totalOutStreams); folder.totalOutputStreams = totalOutStreams; if (totalOutStreams == 0) { throw new IOException("Total output streams can't be 0"); } final long numBindPairs = totalOutStreams - 1; - assertFitsIntoInt("numBindPairs", numBindPairs); + assertFitsIntoNonNegativeInt("numBindPairs", numBindPairs); final BindPair[] bindPairs = new BindPair[(int)numBindPairs]; for (int i = 0; i < bindPairs.length; i++) { bindPairs[i] = new BindPair(); @@ -881,7 +882,7 @@ public class SevenZFile implements Closeable { throw new IOException("Total input streams can't be less than the number of bind pairs"); } final long numPackedStreams = totalInStreams - numBindPairs; - assertFitsIntoInt("numPackedStreams", numPackedStreams); + assertFitsIntoNonNegativeInt("numPackedStreams", numPackedStreams); final long[] packedStreams = new long[(int)numPackedStreams]; if (numPackedStreams == 1) { int i; @@ -935,7 +936,7 @@ public class SevenZFile implements Closeable { private void readFilesInfo(final ByteBuffer header, final Archive archive) throws IOException { final long numFiles = readUint64(header); - assertFitsIntoInt("numFiles", numFiles); + assertFitsIntoNonNegativeInt("numFiles", numFiles); final int numFilesInt = (int) numFiles; final Map<Integer, SevenZArchiveEntry> fileMap = new HashMap<>(); BitSet isEmptyStream = null; @@ -974,7 +975,7 @@ public class SevenZFile implements Closeable { if (((size - 1) & 1) != 0) { throw new IOException("File names length invalid"); } - assertFitsIntoInt("file names length", size - 1); + assertFitsIntoNonNegativeInt("file names length", size - 1); final byte[] names = new byte[(int) (size - 1)]; final int namesLength = names.length; header.get(names); @@ -1642,8 +1643,8 @@ public class SevenZFile implements Closeable { return e; } - private static void assertFitsIntoInt(final String what, final long value) throws IOException { - if (value > Integer.MAX_VALUE || value < Integer.MIN_VALUE) { + private static void assertFitsIntoNonNegativeInt(final String what, final long value) throws IOException { + if (value > Integer.MAX_VALUE || value < 0) { throw new IOException("Cannot handle " + what + " " + value); } }