You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2022/09/30 13:30:00 UTC
[jira] (COMPRESS-598) NullPointerException in ZipArchiveInputStream.getCompressedCount()
[ https://issues.apache.org/jira/browse/COMPRESS-598 ]
Gary D. Gregory deleted comment on COMPRESS-598:
------------------------------------------
was (Author: garydgregory):
Note that in git master, you now get:
java.util.zip.ZipException: *Unexpected record signature: 0X4F51908D*
at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:296)
at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextEntry(ZipArchiveInputStream.java:475)
at org.apache.commons.compress.archivers.zip.Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da_Test.test(Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da_Test.java:61)
> NullPointerException in ZipArchiveInputStream.getCompressedCount()
> ------------------------------------------------------------------
>
> Key: COMPRESS-598
> URL: https://issues.apache.org/jira/browse/COMPRESS-598
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Affects Versions: 1.21
> Reporter: Dominik Stadler
> Priority: Critical
> Labels: NullPointerException, fuzzer, npe
> Attachments: Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.java, crash-f2efd9eaeb86cda597d07b5e3c3d81363633c2da
>
>
> While fuzzing Apache POI, I discovered a case which can trigger a NullPointerException in ZipArchiveInputStream.getCompressedCount().
> The attached test-application and file are a fairly minimal reproducing testcase.
> Put the java file into src/test/java and the file into /src/test/resources
> Running it then produces the following:
> {noformat}
> Exception in thread "main" java.lang.NullPointerException
> at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getCompressedCount(ZipArchiveInputStream.java:559)
> at Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.main(Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.java:26) {noformat}
>
> Happens with 1.21 as well as latest.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)