You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2022/09/30 13:30:00 UTC

[jira] (COMPRESS-598) NullPointerException in ZipArchiveInputStream.getCompressedCount()

    [ https://issues.apache.org/jira/browse/COMPRESS-598 ]


    Gary D. Gregory deleted comment on COMPRESS-598:
    ------------------------------------------

was (Author: garydgregory):
Note that in git master, you now get:

java.util.zip.ZipException: *Unexpected record signature: 0X4F51908D*
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:296)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextEntry(ZipArchiveInputStream.java:475)
    at org.apache.commons.compress.archivers.zip.Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da_Test.test(Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da_Test.java:61)

> NullPointerException in ZipArchiveInputStream.getCompressedCount()
> ------------------------------------------------------------------
>
>                 Key: COMPRESS-598
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-598
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Archivers
>    Affects Versions: 1.21
>            Reporter: Dominik Stadler
>            Priority: Critical
>              Labels: NullPointerException, fuzzer, npe
>         Attachments: Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.java, crash-f2efd9eaeb86cda597d07b5e3c3d81363633c2da
>
>
> While fuzzing Apache POI, I discovered a case which can trigger a NullPointerException in ZipArchiveInputStream.getCompressedCount().
> The attached test-application and file are a fairly minimal reproducing testcase.
> Put the java file into src/test/java and the file into /src/test/resources
> Running it then produces the following:
> {noformat}
> Exception in thread "main" java.lang.NullPointerException
>     at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getCompressedCount(ZipArchiveInputStream.java:559)
>     at Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.main(Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.java:26) {noformat}
>  
> Happens with 1.21 as well as  latest.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)