garydgregory commented on PR #439:
URL: https://github.com/apache/commons-compress/pull/439#issuecomment-1809213574
Hello @yakovsh
Thank you for the PR.
If we thrown an exception, we should document what part of the ARJ
specification the file violates.
Otherwise, what about:
```
diff --git a/src/main/java/org/apache/commons/compress/utils/IOUtils.java
b/src/main/java/org/apache/commons/compress/utils/IOUtils.java
index 15dfcc1..88b6305 100644
--- a/src/main/java/org/apache/commons/compress/utils/IOUtils.java
+++ b/src/main/java/org/apache/commons/compress/utils/IOUtils.java
@@ -165,7 +165,7 @@
if (bufferSize < 1) {
throw new IllegalArgumentException("bufferSize must be bigger
than 0");
}
- final byte[] buffer = new byte[(int) Math.min(bufferSize, len)];
+ final byte[] buffer = new byte[(int) Math.min(bufferSize,
Math.max(0, len))];
int n = 0;
long count = 0;
while (count < len && -1 != (n = input.read(buffer, 0, (int)
Math.min(len - count, buffer.length)))) {
```
?
The above without the change to `ArjArchiveInputStream` still passes the new
test. So either the test is not strict enough or the file is legal.
WDYT?
I think I'll bulet-proof the `IOUtils` method anyway.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
