[ https://issues.apache.org/jira/browse/COMPRESS-567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17291490#comment-17291490 ]
Fabian Meumertzheim commented on COMPRESS-567: ---------------------------------------------- I found these bugs using https://github.com/CodeIntelligenceTesting/jazzer, which provides you with both the raw crashing input and a Java reproducer with the raw input encoded as Base64 for easier sharing (byte array literals are cumbersome in Java and would need more characters). > IllegalArgumentException in ZipFile.positionAtCentralDirectory > -------------------------------------------------------------- > > Key: COMPRESS-567 > URL: https://issues.apache.org/jira/browse/COMPRESS-567 > Project: Commons Compress > Issue Type: Bug > Affects Versions: 1.20 > Reporter: Fabian Meumertzheim > Priority: Major > Attachments: crash.zip > > > The following snippet of code throws an undeclared IllegalArgumentException: > {code:java} > byte[] bytes = Base64.getDecoder().decode("UEsFBgAAAQD//////////1AAJP9QAA=="); > SeekableInMemoryByteChannel input = new SeekableInMemoryByteChannel(bytes); > try { > ZipFile file = new ZipFile(input); > } catch (IOException ignored) {} > {code} > The stack trace is: > {noformat} > java.lang.IllegalArgumentException: Position has to be in range 0.. 2147483647 > at > org.apache.commons.compress.utils.SeekableInMemoryByteChannel.position(SeekableInMemoryByteChannel.java:94) > at > org.apache.commons.compress.archivers.zip.ZipFile.positionAtCentralDirectory32(ZipFile.java:1128) > at > org.apache.commons.compress.archivers.zip.ZipFile.positionAtCentralDirectory(ZipFile.java:1037) > at > org.apache.commons.compress.archivers.zip.ZipFile.populateFromCentralDirectory(ZipFile.java:702) > at > org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:371) > at > org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:318) > at > org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:274) > {noformat} > I also attached the input as a ZIP file. -- This message was sent by Atlassian Jira (v8.3.4#803005)