[jira] [Commented] (COMPRESS-647) ArrayIndexOutOfBoundsException when reading Zip with data descriptor entries

Sat, 11 Nov 2023 06:42:05 -0800 


    [ 
https://issues.apache.org/jira/browse/COMPRESS-647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17785182#comment-17785182
 ] 

Robin Schimpf commented on COMPRESS-647:
----------------------------------------

Thanks for fixing it!

> ArrayIndexOutOfBoundsException when reading Zip with data descriptor entries
> ----------------------------------------------------------------------------
>
>                 Key: COMPRESS-647
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-647
>             Project: Commons Compress
>          Issue Type: Bug
>    Affects Versions: 1.23.0
>            Reporter: Robin Schimpf
>            Priority: Major
>             Fix For: 1.25.0
>
>         Attachments: 
> crash-commons-compress-ZipArchiveInputStream-dataDescriptor
>
>
> The attached fuzzed zip file fails to open with the following test when the 
> {{allowStoredEntriesWithDataDescriptor}} value is {{true}}.
> {code:java}
> @ParameterizedTest
> @ValueSource(booleans = {true, false})
> public void zipInputStream(final boolean 
> allowStoredEntriesWithDataDescriptor) {
>     try (ZipArchiveInputStream zIn = new 
> ZipArchiveInputStream(Files.newInputStream(Paths.get("crash-commons-compress-ZipArchiveInputStream-dataDescriptor")),
>  "UTF-8", false, allowStoredEntriesWithDataDescriptor)) {
>         ZipArchiveEntry zae = zIn.getNextZipEntry();
>         while (zae != null) {
>             zae = zIn.getNextZipEntry();
>         }
>     } catch (IOException e) {
>         // Ignore expected exception
>     }
> } {code}
> The exception is
> {code:java}
> java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -6 out of 
> bounds for byte[512]    at java.base/java.lang.System.arraycopy(Native Method)
>     at 
> java.base/java.io.PushbackInputStream.unread(PushbackInputStream.java:232)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.pushback(ZipArchiveInputStream.java:979)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.bufferContainsSignature(ZipArchiveInputStream.java:471)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStoredEntry(ZipArchiveInputStream.java:1282)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStored(ZipArchiveInputStream.java:1211)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.read(ZipArchiveInputStream.java:1013)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.skip(ZipArchiveInputStream.java:1343)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.closeEntry(ZipArchiveInputStream.java:562)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:735)
>     at 
> org.apache.commons.compress.archivers.zip.ZipArchiveInputStreamTest.zipInputStream(ZipArchiveInputStreamTest.java:765)
>  {code}
> I also tried to open the file with the ZipFile class and the crash does not 
> occure there. Seems to only affect the stream implementation with that 
> specific option.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to