You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2022/09/30 13:23:00 UTC
[jira] [Resolved] (COMPRESS-626) OutOfMemoryError on malformed pack200 attributes
[ https://issues.apache.org/jira/browse/COMPRESS-626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory resolved COMPRESS-626.
--------------------------------------
Fix Version/s: 1.22
Resolution: Fixed
Hello [~infandrew]
Thank you for your report.
This is now fixed in git master and in snapshot builds:
[https://repository.apache.org/content/repositories/snapshots]
Please verify and close.
TY!
> OutOfMemoryError on malformed pack200 attributes
> ------------------------------------------------
>
> Key: COMPRESS-626
> URL: https://issues.apache.org/jira/browse/COMPRESS-626
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Affects Versions: 1.21
> Environment: ubuntu18
> java-11-openjdk-amd64
> Reporter: Andrii Hudz
> Priority: Major
> Fix For: 1.22
>
> Attachments: sample-1.0-SNAPSHOT-vulnerable-pack200.jar
>
>
> pack200.NewAttributeBands.getStreamUpToMatchingBracket() and unpack200.NewAttributeBands.getStreamUpToMatchingBracket can result in an infinite loop that finally leads to an out of memory error.
> pack example:
> {code:java}
> import org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands;
> import org.apache.commons.compress.harmony.pack200.CPUTF8;
> import org.apache.commons.compress.harmony.pack200.NewAttributeBands;
> public class ApacheCompress_1_21_OutOfMemory {
> public static void main(String[] args) throws Exception {
> CPUTF8 name = new CPUTF8("");
> CPUTF8 layout = new CPUTF8("[");
> new NewAttributeBands(1, null, null,
> new AttributeDefinitionBands.AttributeDefinition(35, AttributeDefinitionBands.CONTEXT_CLASS, name, layout)
> );
> }
> }{code}
> {code:java}
> Exception in thread "main" java.lang.OutOfMemoryError: Java heap space at java.base/java.util.Arrays.copyOf(Arrays.java:3745) at java.base/java.lang.AbstractStringBuilder.ensureCapacityInternal(AbstractStringBuilder.java:172) at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:748) at java.base/java.lang.StringBuffer.append(StringBuffer.java:429) at org.apache.commons.compress.harmony.pack200.NewAttributeBands.getStreamUpToMatchingBracket(NewAttributeBands.java:822) at org.apache.commons.compress.harmony.pack200.NewAttributeBands.readNextAttributeElement(NewAttributeBands.java:180) at org.apache.commons.compress.harmony.pack200.NewAttributeBands.parseLayout(NewAttributeBands.java:95) at org.apache.commons.compress.harmony.pack200.NewAttributeBands.<init>(NewAttributeBands.java:53) at ApacheCompress_1_21_OutOfMemory.main(ApacheCompress_1_21_OutOfMemory.java:9)
> {code}
>
> unpack example on the malformed archive:
> {code:java}
> import org.apache.commons.compress.java.util.jar.Pack200;
> public class ApacheCompress_1_21_OutOfMemory_unpack_demo {
> public static void main(String[] args) throws Exception {
> String input = "/sample-1.0-SNAPSHOT-vulnerable-pack200.jar";
> try (
> InputStream inputStream = ApacheCompress_1_21_OutOfMemory_unpack_demo.class.getResourceAsStream(input);
> JarOutputStream out = new JarOutputStream(new OutputStream() {
> @Override
> public void write(int i) {
> }
> });
> ) {
> Pack200.newUnpacker().unpack(inputStream, out);
> }
> }
> }{code}
> {code:java}
> Exception in thread "main" java.lang.OutOfMemoryError: Java heap space at java.base/java.util.Arrays.copyOf(Arrays.java:3745) at java.base/java.lang.AbstractStringBuilder.ensureCapacityInternal(AbstractStringBuilder.java:172) at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:748) at java.base/java.lang.StringBuffer.append(StringBuffer.java:429) at org.apache.commons.compress.harmony.unpack200.NewAttributeBands.getStreamUpToMatchingBracket(NewAttributeBands.java:883) at org.apache.commons.compress.harmony.unpack200.NewAttributeBands.readNextAttributeElement(NewAttributeBands.java:201) at org.apache.commons.compress.harmony.unpack200.NewAttributeBands.parseLayout(NewAttributeBands.java:122) at org.apache.commons.compress.harmony.unpack200.NewAttributeBands.<init>(NewAttributeBands.java:58) at org.apache.commons.compress.harmony.unpack200.AttrDefinitionBands.read(AttrDefinitionBands.java:85) at org.apache.commons.compress.harmony.unpack200.Segment.readSegment(Segment.java:353) at org.apache.commons.compress.harmony.unpack200.Segment.unpackRead(Segment.java:459) at org.apache.commons.compress.harmony.unpack200.Segment.unpack(Segment.java:436) at org.apache.commons.compress.harmony.unpack200.Archive.unpack(Archive.java:156) at org.apache.commons.compress.harmony.unpack200.Pack200UnpackerAdapter.unpack(Pack200UnpackerAdapter.java:49) at ApacheCompress_1_21_OutOfMemory_unpack_demo.main(ApacheCompress_1_21_OutOfMemory_unpack_demo.java:20)Process finished with exit code 1
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)