[
https://issues.apache.org/jira/browse/COMPRESS-424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16268989#comment-16268989
]
Stefan Bodewig commented on COMPRESS-424:
-----------------------------------------
Well, my "considerable" is a guess and maybe I should just try it (I do have a
JMH setup to look at the effects). For three places you've found there is no
big problem to expect as this is setup code that is run once per "block" of
900kB so the effects are probably minor.
For the code that really gets hit a lot we'll need some time to review it, it
is not an easy read and it's been quite some time since I last tried to wrap my
head around it.
I understand where you are coming from but won't rule out you may find similar
errors within the other compressors or archivers as well.
> [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing
> malformed input
> -------------------------------------------------------------------------------------
>
> Key: COMPRESS-424
> URL: https://issues.apache.org/jira/browse/COMPRESS-424
> Project: Commons Compress
> Issue Type: Bug
> Components: Compressors
> Affects Versions: 1.14, 1.15
> Reporter: Rohan Padhye
> Priority: Minor
> Attachments: bad1.bz2, bad2.bz2, bad3.bz2
>
>
> Encountered multiple unchecked exceptions thrown from
> {{BZip2CompressorInputStream.<init>}} when parsing malformed files.
> {{ArrayIndexOutOfBoundsException}} is an unchecked exception that is not
> documented in this API; therefore, such exceptions can cause stability issues
> in applications that are not expecting them. Instead, an {{IOException}}
> should be thrown indicating that the input stream contains malformed data.
> Stack traces for three distinct (but possibly related) sources of exceptions
> follow:
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 65536
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.hbCreateDecodeTables(BZip2CompressorInputStream.java:422)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.createHuffmanDecodingTables(BZip2CompressorInputStream.java:546)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:518)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 6
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:493)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 18002
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:605)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> at
> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> The inputs were found by mutating random bytes in a simple well-formed file
> (a compressed string of zeros).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
