Rohan Padhye created COMPRESS-424: ------------------------------------- Summary: [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing malformed input Key: COMPRESS-424 URL: https://issues.apache.org/jira/browse/COMPRESS-424 Project: Commons Compress Issue Type: Bug Components: Compressors Affects Versions: 1.15, 1.14 Reporter: Rohan Padhye Priority: Minor
Encountered multiple unchecked exceptions thrown from {{BZip2CompressorInputStream.<init>}} when parsing malformed files. {{ArrayIndexOutOfBoundsException}} is an unchecked exception that is not documented in this API; therefore, such exceptions can cause stability issues in applications that are not expecting them. Instead, an {{IOException}} should be thrown indicating that the input stream contains malformed data. Stack traces for three distinct (but possibly related) sources of exceptions follow: {noformat} java.lang.ArrayIndexOutOfBoundsException: 65536 at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.hbCreateDecodeTables(BZip2CompressorInputStream.java:422) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.createHuffmanDecodingTables(BZip2CompressorInputStream.java:546) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:518) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112) {noformat} {noformat} java.lang.ArrayIndexOutOfBoundsException: 6 at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:493) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112) {noformat} {noformat} java.lang.ArrayIndexOutOfBoundsException: 18002 at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:605) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135) at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112) {noformat} The inputs were found by mutating random bytes in a simple well-formed file (a compressed string of zeros). -- This message was sent by Atlassian JIRA (v6.4.14#64029)