[ https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823588#comment-17823588 ]
Tilman Hausherr commented on COMPRESS-661: ------------------------------------------ {code:java} @Test public void testCompress661() throws IOException { try (InputStream in = newInputStream("org/apache/commons/compress/COMPRESS-661/testARofText.ar"); ArArchiveInputStream archive = new ArArchiveInputStream(new BufferedInputStream(in))) { assertNotNull(archive.getNextEntry()); if (archive.markSupported()) { // mark() shouldn't be supported, but if it would be, // mark+read+reset should not do any harm. archive.mark(10); archive.read(new byte[10]); archive.reset(); } byte[] ba = IOUtils.toByteArray(archive); assertEquals("Test d'indexation de Txt\nhttp://www.apache.org\n", new String(ba)); assertEquals(-1, archive.read()); assertEquals(-1, archive.read()); assertNull(archive.getNextEntry()); } } {code} > commons-compress 1.26.0 breaks Apache Tika 2.9.1 > ------------------------------------------------ > > Key: COMPRESS-661 > URL: https://issues.apache.org/jira/browse/COMPRESS-661 > Project: Commons Compress > Issue Type: Bug > Components: Compressors > Affects Versions: 1.26.0 > Reporter: Alexander Veit > Priority: Critical > Attachments: testARofText.ar > > > Apache Commons Compress 1.26.0 fixes > * https://www.cve.org/CVERecord?id=CVE-2024-25710 and > * https://www.cve.org/CVERecord?id=CVE-2024-26308. > We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our > deployments in order to fix these security vulnerabilities. But unfortunately > now Apache Tika is broken: > {noformat} > org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from > org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910 > at > app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304) > at > app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) > at > app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203) > at app//org.apache.tika.Tika.parseToString(Tika.java:525) > at app//org.apache.tika.Tika.parseToString(Tika.java:495) > at ... > Caused by: java.io.IOException: Resetting to invalid mark > at > java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446) > at > org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97) > at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298) > ... 42 more > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)