[jira] [Created] (COMPRESS-647) ArrayIndexOutOfBoundsException when reading Zip with data descriptor entries

Sun, 09 Jul 2023 09:28:05 -0700 

Robin Schimpf created COMPRESS-647:
--------------------------------------

             Summary: ArrayIndexOutOfBoundsException when reading Zip with data 
descriptor entries
                 Key: COMPRESS-647
                 URL: https://issues.apache.org/jira/browse/COMPRESS-647
             Project: Commons Compress
          Issue Type: Bug
    Affects Versions: 1.23.0
            Reporter: Robin Schimpf
         Attachments: 
crash-commons-compress-ZipArchiveInputStream-dataDescriptor

The attached fuzzed zip file fails to open with the following test when the 
{{allowStoredEntriesWithDataDescriptor }}value is {{{}true{}}}.
{code:java}
@ParameterizedTest
@ValueSource(booleans = {true, false})
public void zipInputStream(final boolean allowStoredEntriesWithDataDescriptor) {
    try (ZipArchiveInputStream zIn = new 
ZipArchiveInputStream(Files.newInputStream(Paths.get("crash-commons-compress-ZipArchiveInputStream-dataDescriptor")),
 "UTF-8", false, allowStoredEntriesWithDataDescriptor)) {
        ZipArchiveEntry zae = zIn.getNextZipEntry();
        while (zae != null) {
            zae = zIn.getNextZipEntry();
        }
    } catch (IOException e) {
        // Ignore expected exception
    }
} {code}
The exception is
{code:java}
java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -6 out of 
bounds for byte[512]    at java.base/java.lang.System.arraycopy(Native Method)
    at 
java.base/java.io.PushbackInputStream.unread(PushbackInputStream.java:232)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.pushback(ZipArchiveInputStream.java:979)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.bufferContainsSignature(ZipArchiveInputStream.java:471)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStoredEntry(ZipArchiveInputStream.java:1282)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStored(ZipArchiveInputStream.java:1211)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.read(ZipArchiveInputStream.java:1013)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.skip(ZipArchiveInputStream.java:1343)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.closeEntry(ZipArchiveInputStream.java:562)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:735)
    at 
org.apache.commons.compress.archivers.zip.ZipArchiveInputStreamTest.zipInputStream(ZipArchiveInputStreamTest.java:765)
 {code}
I also tried to open the file with the ZipFile class and the crash does not 
occure there. Seems to only affect the stream implementation with that specific 
option.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to