This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new 9bc02b2 simplify BoundedArchiveIS#read, add upper bounds check for offset 9bc02b2 is described below commit 9bc02b24a67db2783ca6817278e4b6b218677e26 Author: Stefan Bodewig <bode...@apache.org> AuthorDate: Fri May 21 22:16:36 2021 +0200 simplify BoundedArchiveIS#read, add upper bounds check for offset --- .../compress/utils/BoundedArchiveInputStream.java | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/apache/commons/compress/utils/BoundedArchiveInputStream.java b/src/main/java/org/apache/commons/compress/utils/BoundedArchiveInputStream.java index c6a5840..a72aa15 100644 --- a/src/main/java/org/apache/commons/compress/utils/BoundedArchiveInputStream.java +++ b/src/main/java/org/apache/commons/compress/utils/BoundedArchiveInputStream.java @@ -67,25 +67,21 @@ public abstract class BoundedArchiveInputStream extends InputStream { @Override public synchronized int read(final byte[] b, final int off, int len) throws IOException { - if (len <= 0) { + if (loc >= end) { + return -1; + } + final long maxLen = Math.min(len, end - loc); + if (maxLen <= 0) { return 0; } - if (off < 0 || len > b.length - off) { + if (off < 0 || off > b.length || maxLen > b.length - off) { throw new IndexOutOfBoundsException("offset or len are out of bounds"); } - if (len > end - loc) { - if (loc >= end) { - return -1; - } - len = (int) (end - loc); - } - - ByteBuffer buf = ByteBuffer.wrap(b, off, len); + ByteBuffer buf = ByteBuffer.wrap(b, off, (int) maxLen); int ret = read(loc, buf); if (ret > 0) { loc += ret; - return ret; } return ret; }