garydgregory commented on PR #439: URL: https://github.com/apache/commons-compress/pull/439#issuecomment-1809213574
Hello @yakovsh

Thank you for the PR. If we throw an exception, we should document what part of the ARJ specification the file violates. Otherwise, what about:

``` diff --git a/src/main/java/org/apache/commons/compress/utils/IOUtils.java b/src/main/java/org/apache/commons/compress/utils/IOUtils.java index 15dfcc1..88b6305 100644 --- a/src/main/java/org/apache/commons/compress/utils/IOUtils.java +++ b/src/main/java/org/apache/commons/compress/utils/IOUtils.java @@ -165,7 +165,7 @@ if (bufferSize < 1) { throw new IllegalArgumentException("bufferSize must be bigger than 0"); } - final byte[] buffer = new byte[(int) Math.min(bufferSize, len)]; + final byte[] buffer = new byte[(int) Math.min(bufferSize, Math.max(0, len))]; int n = 0; long count = 0; while (count < len && -1 != (n = input.read(buffer, 0, (int) Math.min(len - count, buffer.length)))) { ```

? The above without the change to `ArjArchiveInputStream` still passes the new test. So either the test is not strict enough or the file is legal. WDYT? I think I'll bullet-proof the `IOUtils` method anyway.
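
Review bot: In the changed `buffer` allocation, `Math.max(0, len)` turns a negative `len` into a zero-length buffer, and the `while (count < len && ...)` loop directly below then never runs, so a negative length is accepted silently instead of being rejected the way `bufferSize < 1` is a few lines above. If that is the intended contract, say in the method's Javadoc that a negative `len` copies nothing; otherwise add an explicit check on `len` next to the `bufferSize` check, so that a corrupt length field in an archive header reaches the caller as an error rather than looking like an empty read.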