You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2019/08/08 16:57:09 UTC
[commons-compress] branch master updated: not really COMPRESS-490 - throw on negative sizes read from stream

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new d503083  not really COMPRESS-490 - throw on negative sizes read from stream
d503083 is described below

commit d50308367fa7238c20b9db63469000aa2906d18f
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Thu Aug 8 18:56:33 2019 +0200

    not really COMPRESS-490 - throw on negative sizes read from stream
---
 .../compressors/lz4/FramedLZ4CompressorInputStream.java     |  8 +++++++-
 .../snappy/FramedSnappyCompressorInputStream.java           | 13 +++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/apache/commons/compress/compressors/lz4/FramedLZ4CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/lz4/FramedLZ4CompressorInputStream.java
index 338725e..f0cf222 100644
--- a/src/main/java/org/apache/commons/compress/compressors/lz4/FramedLZ4CompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/lz4/FramedLZ4CompressorInputStream.java
@@ -251,6 +251,9 @@ public class FramedLZ4CompressorInputStream extends CompressorInputStream
         long len = ByteUtils.fromLittleEndian(supplier, 4);
         boolean uncompressed = (len & UNCOMPRESSED_FLAG_MASK) != 0;
         int realLen = (int) (len & (~UNCOMPRESSED_FLAG_MASK));
+        if (realLen < 0) {
+            throw new IOException("found illegal block with negative size");
+        }
         if (realLen == 0) {
             verifyContentChecksum();
             if (!decompressConcatenated) {
@@ -353,7 +356,10 @@ public class FramedLZ4CompressorInputStream extends CompressorInputStream
     private int skipSkippableFrame(byte[] b) throws IOException {
         int read = 4;
         while (read == 4 && isSkippableFrameSignature(b)) {
-            long len = ByteUtils.fromLittleEndian(supplier, 4);
+            final long len = ByteUtils.fromLittleEndian(supplier, 4);
+            if (len < 0) {
+                throw new IOException("found illegal skippable frame with negative size");
+            }
             long skipped = IOUtils.skip(in, len);
             count(skipped);
             if (len != skipped) {
diff --git a/src/main/java/org/apache/commons/compress/compressors/snappy/FramedSnappyCompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/snappy/FramedSnappyCompressorInputStream.java
index ff3d63c..ddc6462 100644
--- a/src/main/java/org/apache/commons/compress/compressors/snappy/FramedSnappyCompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/snappy/FramedSnappyCompressorInputStream.java
@@ -120,12 +120,16 @@ public class FramedSnappyCompressorInputStream extends CompressorInputStream
      * @param blockSize the block size to use for the compressed stream
      * @param dialect the dialect used by the compressed stream
      * @throws IOException if reading fails
+     * @throws IllegalArgumentException if blockSize is not bigger than 0
      * @since 1.14
      */
     public FramedSnappyCompressorInputStream(final InputStream in,
                                              final int blockSize,
                                              final FramedSnappyDialect dialect)
         throws IOException {
+        if (blockSize <= 0) {
+            throw new IllegalArgumentException("blockSize must be bigger than 0");
+        }
         countingStream = new CountingInputStream(in);
         this.in = new PushbackInputStream(countingStream, 1);
         this.blockSize = blockSize;
@@ -246,10 +250,16 @@ public class FramedSnappyCompressorInputStream extends CompressorInputStream
         } else if (type == UNCOMPRESSED_CHUNK_TYPE) {
             inUncompressedChunk = true;
             uncompressedBytesRemaining = readSize() - 4 /* CRC */;
+            if (uncompressedBytesRemaining < 0) {
+                throw new IOException("found illegal chunk with negative size");
+            }
             expectedChecksum = unmask(readCrc());
         } else if (type == COMPRESSED_CHUNK_TYPE) {
             final boolean expectChecksum = dialect.usesChecksumWithCompressedChunks();
             final long size = readSize() - (expectChecksum ? 4L : 0L);
+            if (size < 0) {
+                throw new IOException("found illegal chunk with negative size");
+            }
             if (expectChecksum) {
                 expectedChecksum = unmask(readCrc());
             } else {
@@ -290,6 +300,9 @@ public class FramedSnappyCompressorInputStream extends CompressorInputStream
 
     private void skipBlock() throws IOException {
         final int size = readSize();
+        if (size < 0) {
+            throw new IOException("found illegal chunk with negative size");
+        }
         final long read = IOUtils.skip(in, size);
         count(read);
         if (read != size) {