This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new d80d76f  sanity check entry sizes in TarFile
d80d76f is described below

commit d80d76f81b45655b0b1d234d25ee26f817f7b770
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Fri Jul 2 15:34:45 2021 +0200

    sanity check entry sizes in TarFile
    
    Credit to OSS-Fuzz
---
 src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
index 70e314a..5491c8b 100644
--- a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
@@ -667,8 +667,11 @@ public class TarFile implements Closeable {
 
         private int currentSparseInputStreamIndex;
 
-        BoundedTarEntryInputStream(final TarArchiveEntry entry, final SeekableByteChannel channel) {
+        BoundedTarEntryInputStream(final TarArchiveEntry entry, final SeekableByteChannel channel) throws IOException {
             super(entry.getDataOffset(), entry.getRealSize());
+            if (channel.size() - entry.getSize() < entry.getDataOffset()) {
+                throw new IOException("entry size exceeds archive size");
+            }
             this.entry = entry;
             this.channel = channel;
         }
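Review bot: The new guard in the BoundedTarEntryInputStream constructor only enforces an upper bound, so it is sound only if entry.getSize() and entry.getDataOffset() are never negative; a negative size taken from a crafted header would make `channel.size() - entry.getSize()` larger and pass the check. Whether header parsing already rejects negative values is not visible in this hunk; if it does not, the condition could be `if (entry.getSize() < 0 || entry.getDataOffset() < 0 || channel.size() - entry.getSize() < entry.getDataOffset())`. A short comment such as `// compare against getSize() (bytes stored in the archive), not getRealSize(), which super() uses for the expanded sparse length` would explain why the two size accessors differ here. The diffstat shows only TarFile.java changed, so a regression test with a truncated archive derived from the fuzzer finding would keep this check from regressing. The enclosing class begins and ends outside the hunk.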
