[ https://issues.apache.org/jira/browse/COMPRESS-714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043361#comment-18043361 ]

Piotr Karwasz commented on COMPRESS-714:
----------------------------------------

[~pbebr],

Thank you for the report. This looks mostly like a bug in 
{{SeekableInMemoryByteChannel}} used in tests, which violates the 
{{SeekableByteChannel#position(long)}} contract by throwing an exception. We'll 
fix this in the new release.

> Internal IllegalArgumentException in ZipFile and TarFile creation is not 
> caught
> -------------------------------------------------------------------------------
>
>                 Key: COMPRESS-714
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-714
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Archivers
>         Environment: Ubuntu 24.04
> $ java --version
> openjdk 21.0.8 2025-07-15
> OpenJDK Runtime Environment (build 21.0.8+9-Ubuntu-0ubuntu124.04.1)
> OpenJDK 64-Bit Server VM (build 21.0.8+9-Ubuntu-0ubuntu124.04.1, mixed mode, 
> sharing)
>            Reporter: Philip Betzler-Braun
>            Assignee: Gary D. Gregory
>            Priority: Minor
>         Attachments: IllegalArgumentInTarFileReproducer.java, 
> IllegalArgumentInZipFileReproducer.java
>
>
> *Minor Issue:*
> When creating a ZipFile or TarFile instance out of unsanitized bytes, it is 
> possible that the underlying class SeekableInMemoryByteChannel.position 
> (org.apache.commons.compress.utils.SeekableInMemoryByteChannel.position(SeekableInMemoryByteChannel.java:126))
>  function is called with a long value that is > Integer.MaxValue. This 
> triggers an IllegalArgumentException that is not caught inside the library, 
> but hits user code.
>  
> *Suggestion:*
>  * As with the DumpArchiveInputStream: Catching the RuntimeException and 
> throwing a specific exception.
> *Reproduction:*
> ZipFile reproducer location: 
> src/test/java/org/apache/commons/compress/archivers/zip/IllegalArgumentInZipFileReproducer.java
> *[^IllegalArgumentInZipFileReproducer.java]*
>  
> TarFile reproducer location: 
> src/test/java/org/apache/commons/compress/archivers/tar/IllegalArgumentInTarFileReproducer.java
> *[^IllegalArgumentInTarFileReproducer.java]*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
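
The {{SeekableByteChannel#position(long)}} contract cited in the comment allows an IllegalArgumentException only for a negative position; a position beyond the current size is legal, and a later read reports end-of-file. The sketch below is an added, JDK-only illustration of a read-only in-memory channel that follows that contract. It is not Commons Compress code or the project's fix, and the class name ContractCompliantChannel is hypothetical.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ClosedChannelException;
import java.nio.channels.NonWritableChannelException;
import java.nio.channels.SeekableByteChannel;

// Hypothetical class (added example): read-only in-memory channel.
public final class ContractCompliantChannel implements SeekableByteChannel {
    private final byte[] data;
    private long position;      // kept as long: may exceed data.length and Integer.MAX_VALUE
    private boolean open = true;

    public ContractCompliantChannel(byte[] data) { this.data = data.clone(); }

    @Override public SeekableByteChannel position(long newPosition) throws IOException {
        ensureOpen();
        if (newPosition < 0) {  // the only case the contract names for IllegalArgumentException
            throw new IllegalArgumentException("negative position: " + newPosition);
        }
        position = newPosition; // beyond size is legal and does not change the size
        return this;
    }

    @Override public int read(ByteBuffer dst) throws IOException {
        ensureOpen();
        if (position >= data.length) return -1;  // a seek past the end surfaces as EOF
        int n = (int) Math.min(dst.remaining(), data.length - position);
        dst.put(data, (int) position, n);
        position += n;
        return n;
    }

    @Override public long position() throws IOException { ensureOpen(); return position; }
    @Override public long size() throws IOException { ensureOpen(); return data.length; }
    @Override public boolean isOpen() { return open; }
    @Override public void close() { open = false; }
    @Override public int write(ByteBuffer src) { throw new NonWritableChannelException(); }
    @Override public SeekableByteChannel truncate(long size) { throw new NonWritableChannelException(); }
    private void ensureOpen() throws ClosedChannelException { if (!open) throw new ClosedChannelException(); }

    public static void main(String[] args) throws IOException {
        // Constructed sample bytes; the offset mimics one read from an unsanitized archive header.
        try (SeekableByteChannel ch = new ContractCompliantChannel(new byte[] {1, 2, 3})) {
            ch.position(Integer.MAX_VALUE + 1L);   // accepted, no unchecked exception
            System.out.println("read returned " + ch.read(ByteBuffer.allocate(4)));
        }
    }
}
```

With a channel that behaves this way, an out-of-range offset in hostile input reaches the caller as an end-of-file condition on the normal I/O path instead of an unchecked exception.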
