You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by pe...@apache.org on 2020/08/15 09:58:44 UTC
[commons-compress] branch master updated: COMPRESS-546 : throw
exception on corrputed z64
This is an automated email from the ASF dual-hosted git repository.
peterlee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new 20f2dfb COMPRESS-546 : throw exception on corrputed z64
20f2dfb is described below
commit 20f2dfbc48a18d8cce8f95005d067752c0bef31f
Author: PeterAlfredLee <pe...@gmail.com>
AuthorDate: Sat Aug 15 17:55:58 2020 +0800
COMPRESS-546 : throw exception on corrputed z64
ZipArchiveInputStream should throw exception if a corrputed zip64 extra
field is met.
---
src/changes/changes.xml | 5 +++++
.../compress/archivers/zip/ZipArchiveInputStream.java | 5 +++++
.../compress/archivers/zip/ZipArchiveInputStreamTest.java | 9 +++++++++
src/test/resources/COMPRESS-546.zip | Bin 0 -> 77 bytes
4 files changed, 19 insertions(+)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index ad224f7..73cf48c 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -185,6 +185,11 @@ The <action> type attribute can be add,update,fix,remove.
allocation to avoid OOM when dealing some giant 7z archives.
Github Pull Request #120.
</action>
+ <action issue="COMPRESS-546" type="fix" date="2020-08-15"
+ due-to="Maksim Zuev" dev="PeterLee">
+ ZipArchiveInputStream should throw an exception if a corrputed
+ zip64 extra field is met.
+ </action>
</release>
<release version="1.20" date="2020-02-08"
description="Release 1.20">
diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
index a0ace8d..66fd17b 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
@@ -429,6 +429,11 @@ public class ZipArchiveInputStream extends ArchiveInputStream implements InputSt
if (!current.hasDataDescriptor) {
if (z64 != null // same as current.usesZip64 but avoids NPE warning
&& (ZipLong.ZIP64_MAGIC.equals(cSize) || ZipLong.ZIP64_MAGIC.equals(size)) ) {
+ if (z64.getCompressedSize() == null || z64.getSize() == null) {
+ // avoid NPE if it's a corrupted zip archive
+ throw new ZipException("archive contains corrupted zip64 extra field");
+ }
+
current.entry.setCompressedSize(z64.getCompressedSize().getLongValue());
current.entry.setSize(z64.getSize().getLongValue());
} else if (cSize != null && size != null) {
diff --git a/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java b/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
index 9e47fcd..23b695a 100644
--- a/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
+++ b/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
@@ -710,6 +710,15 @@ public class ZipArchiveInputStreamTest {
});
}
+ @Test(expected = IOException.class)
+ public void throwsIOExceptionIfThereIsCorruptedZip64Extra() throws IOException {
+ try (InputStream fis = new FileInputStream(getFile("COMPRESS-546.zip"));
+ ZipArchiveInputStream zipInputStream = new ZipArchiveInputStream(fis);) {
+ while (zipInputStream.getNextZipEntry() != null) {
+ }
+ }
+ }
+
private static byte[] readEntry(final ZipArchiveInputStream zip, final ZipArchiveEntry zae) throws IOException {
final int len = (int)zae.getSize();
final byte[] buff = new byte[len];
diff --git a/src/test/resources/COMPRESS-546.zip b/src/test/resources/COMPRESS-546.zip
new file mode 100644
index 0000000..0fad172
Binary files /dev/null and b/src/test/resources/COMPRESS-546.zip differ