You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "fredwang_00 (JIRA)" <ji...@apache.org> on 2016/06/29 09:19:45 UTC
[jira] [Created] (COMPRESS-363) Overflow in BitInputStream
fredwang_00 created COMPRESS-363:
------------------------------------
Summary: Overflow in BitInputStream
Key: COMPRESS-363
URL: https://issues.apache.org/jira/browse/COMPRESS-363
Project: Commons Compress
Issue Type: Bug
Components: Compressors
Affects Versions: 1.12
Reporter: fredwang_00
in Class BitInputStream.java(\src\main\java\org\apache\commons\compress\utils),
funcion:
public long readBits(final int count) throws IOException {
if (count < 0 || count > MAXIMUM_CACHE_SIZE) {
throw new IllegalArgumentException("count must not be negative or greater than " + MAXIMUM_CACHE_SIZE);
}
while (bitsCachedSize < count) {
final long nextByte = in.read();
if (nextByte < 0) {
return nextByte;
}
if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
bitsCached |= (nextByte << bitsCachedSize);
} else {
bitsCached <<= 8;
bitsCached |= nextByte;
}
bitsCachedSize += 8;
}
final long bitsOut;
if (byteOrder == ByteOrder.LITTLE_ENDIAN) {
bitsOut = (bitsCached & MASKS[count]);
bitsCached >>>= count;
} else {
bitsOut = (bitsCached >> (bitsCachedSize - count)) & MASKS[count];
}
bitsCachedSize -= count;
return bitsOut;
}
I think here "bitsCached |= (nextByte << bitsCachedSize);" will overflow in some cases. for example, below is a test case:
public static void test() {
ByteArrayInputStream in = new ByteArrayInputStream(new byte[]{87, 45, 66, 15,
90, 29, 88, 61, 33, 74});
BitInputStream bin = new BitInputStream(in, ByteOrder.LITTLE_ENDIAN);
try {
long ret = bin.readBits(5);
ret = bin.readBits(63);
ret = bin.readBits(12);
} catch (Exception e) {
e.printStackTrace();
}
}
overflow occur in "bin.readBits(63);" , so ,result in wrong result from "bin.readBits(12);"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)