You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2021/05/18 19:31:28 UTC
[commons-compress] branch master updated: COMPRESS-567 more
uncaught runtime exceptions
This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new d15c285 COMPRESS-567 more uncaught runtime exceptions
d15c285 is described below
commit d15c285941351958a902265aeacdc151fa98c127
Author: Stefan Bodewig <st...@innoq.com>
AuthorDate: Tue May 18 21:29:20 2021 +0200
COMPRESS-567 more uncaught runtime exceptions
Credit to OSS-Fuzz
---
.../compress/archivers/tar/TarArchiveEntry.java | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
index e49e180..bdb3058 100644
--- a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
+++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
@@ -1392,16 +1392,28 @@ public class TarArchiveEntry implements ArchiveEntry, TarConstants, EntryStreamO
setUserName(val);
break;
case "size":
- setSize(Long.parseLong(val));
+ final long size = Long.parseLong(val);
+ if (size < 0) {
+ throw new IOException("Corrupted TAR archive. Entry size is negative");
+ }
+ setSize(size);
break;
case "mtime":
setModTime((long) (Double.parseDouble(val) * 1000));
break;
case "SCHILY.devminor":
- setDevMinor(Integer.parseInt(val));
+ final int devMinor = Integer.parseInt(val);
+ if (devMinor < 0) {
+ throw new IOException("Corrupted TAR archive. Dev-Minor is negative");
+ }
+ setDevMinor(devMinor);
break;
case "SCHILY.devmajor":
- setDevMajor(Integer.parseInt(val));
+ final int devMajor = Integer.parseInt(val);
+ if (devMajor < 0) {
+ throw new IOException("Corrupted TAR archive. Dev-Major is negative");
+ }
+ setDevMajor(devMajor);
break;
case "GNU.sparse.size":
fillGNUSparse0xData(headers);