You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2021/05/18 19:31:28 UTC

[commons-compress] branch master updated: COMPRESS-567 more uncaught runtime exceptions

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new d15c285  COMPRESS-567 more uncaught runtime exceptions
d15c285 is described below

commit d15c285941351958a902265aeacdc151fa98c127
Author: Stefan Bodewig <st...@innoq.com>
AuthorDate: Tue May 18 21:29:20 2021 +0200

    COMPRESS-567 more uncaught runtime exceptions
    
    Credit to OSS-Fuzz
---
 .../compress/archivers/tar/TarArchiveEntry.java        | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
index e49e180..bdb3058 100644
--- a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
+++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveEntry.java
@@ -1392,16 +1392,28 @@ public class TarArchiveEntry implements ArchiveEntry, TarConstants, EntryStreamO
                 setUserName(val);
                 break;
             case "size":
-                setSize(Long.parseLong(val));
+                final long size = Long.parseLong(val);
+                if (size < 0) {
+                    throw new IOException("Corrupted TAR archive. Entry size is negative");
+                }
+                setSize(size);
                 break;
             case "mtime":
                 setModTime((long) (Double.parseDouble(val) * 1000));
                 break;
             case "SCHILY.devminor":
-                setDevMinor(Integer.parseInt(val));
+                final int devMinor = Integer.parseInt(val);
+                if (devMinor < 0) {
+                    throw new IOException("Corrupted TAR archive. Dev-Minor is negative");
+                }
+                setDevMinor(devMinor);
                 break;
             case "SCHILY.devmajor":
-                setDevMajor(Integer.parseInt(val));
+                final int devMajor = Integer.parseInt(val);
+                if (devMajor < 0) {
+                    throw new IOException("Corrupted TAR archive. Dev-Major is negative");
+                }
+                setDevMajor(devMajor);
                 break;
             case "GNU.sparse.size":
                 fillGNUSparse0xData(headers);