[jira] [Commented] (COMPRESS-707) TAR: TarUtils.verifyCheckSum throws an Exception when checksum could not be parsed

Mon, 18 Aug 2025 07:14:08 -0700 


    [ 
https://issues.apache.org/jira/browse/COMPRESS-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18014623#comment-18014623
 ] 

Roel van Dijk commented on COMPRESS-707:
----------------------------------------

[~ggregory] 

We've created a TAR file that exactly recreates the problem that we 
encountered. See attached COMPRESS-707.tar.

The cause is that the checksum field is not terminated by a 'space' and a 
'NUL', but is terminated directly by a 'NUL' after the checksum. As if it was a 
null-terminated string. The command line tar command correctly extracts this 
file without any warnings. Commons-compress throws the aforementioned exception.

Now that we've a better understanding of this problem, we would like to propose 
to fix this in the parseOctal method, and allow values to be terminated by a 
NUL byte. Would you agree, or would you propose another solution? If you agree, 
we can create a pull request for it.

> TAR: TarUtils.verifyCheckSum throws an Exception when checksum could not be 
> parsed
> ----------------------------------------------------------------------------------
>
>                 Key: COMPRESS-707
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-707
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Archivers
>    Affects Versions: 1.27.1, 1.28.0
>            Reporter: Roel van Dijk
>            Priority: Major
>         Attachments: COMPRESS-707.tar
>
>
> When parsing a TAR entry, the checksum is read from the header and verified.
>  
> {code:java}
> final long storedSum = parseOctal(header, TarConstants.CHKSUM_OFFSET, 
> TarConstants.CHKSUMLEN);
> {code}
> When the checksum itself is invalid (e.g. the octal number could not be 
> parsed), an exception is thrown by the method TarUtils.parseOctal :
> {code:java}
> java.lang.IllegalArgumentException: Invalid byte 0 at offset 4 in 
> '4712{NUL}36{NUL}' len=8 {code}
> This exception is non-descriptive, and in our opinion TarUtils.verifyCheckSum 
> should just return false when the checksum could not be parsed.
> We will open a pull request on GitHub to address this. We will include an 
> altered version of the bla.tar test file to cover this edge case.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to