This is an automated email from the ASF dual-hosted git repository.
garydgregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new 354b54852 Throw ArchiveException instead of EOFException when CPIO
namesize <= 0 (#771)
354b54852 is described below
commit 354b548529d0f97edd2c2e4af888f2eb3e162d50
Author: Gary Gregory <[email protected]>
AuthorDate: Tue Apr 28 11:36:24 2026 -0400
Throw ArchiveException instead of EOFException when CPIO namesize <= 0
(#771)
---
.../archivers/cpio/CpioArchiveInputStream.java | 2 +-
.../archivers/cpio/CpioArchiveInputStreamTest.java | 27 ++++++++++++++++++++++
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git
a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
index 665841be1..ff44f9757 100644
---
a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
+++
b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
@@ -463,7 +463,7 @@ private CpioArchiveEntry readNewEntry(final boolean hasCrc)
throws IOException {
newEntry.setRemoteDeviceMaj(readAsciiLong(8, 16));
newEntry.setRemoteDeviceMin(readAsciiLong(8, 16));
final long namesize = readAsciiLong(8, 16);
- if (namesize < 0) {
+ if (namesize <= 0) {
throw new ArchiveException("Found illegal entry with negative name
length");
}
newEntry.setChksum(readAsciiLong(8, 16));
diff --git
a/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
b/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
index 166888ce2..95cb4e1c6 100644
---
a/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
+++
b/src/test/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStreamTest.java
@@ -93,6 +93,33 @@ void testCrcVerification() throws Exception {
}
}
+ @Test
+ void testEndOfFileInEntry_c_namesize_0x00000000() throws Exception {
+ // CPIO header with c_namesize = 0x00000000
+ // @formatter:off
+ final String header =
+ "070701" + // c_magic
+ "00000000" + // c_ino
+ "000081A4" + // c_mode
+ "00000000" + // c_uid
+ "00000000" + // c_gid
+ "00000001" + // c_nlink
+ "00000000" + // c_mtime
+ "00000000" + // c_filesize
+ "00000000" + // c_devmajor
+ "00000000" + // c_devminor
+ "00000000" + // c_rdevmajor
+ "00000000" + // c_rdevminor
+ "00000000" + // c_namesize
+ "00000000"; // c_check
+ // @formatter:on
+ final byte[] data = new
byte[header.getBytes(StandardCharsets.US_ASCII).length + 1];
+ System.arraycopy(header.getBytes(), 0, data, 0,
header.getBytes().length);
+ try (CpioArchiveInputStream cpio =
CpioArchiveInputStream.builder().setByteArray(data).get()) {
+ assertThrows(ArchiveException.class, () -> cpio.getNextEntry());
+ }
+ }
+
@Test
void testEndOfFileInEntry_c_namesize_0xFFFFFFFF() throws Exception {
// CPIO header with c_namesize = 0xFFFFFFFF
