You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2020/05/24 10:18:50 UTC
[commons-compress] branch master updated: COMPRESS-526 COMRESS-527
more potential runtime exceptions in deflate64
This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new e176d4b COMPRESS-526 COMRESS-527 more potential runtime exceptions in deflate64
e176d4b is described below
commit e176d4b7d2a818dd7550c9dcb16250c3470869f2
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sun May 24 12:18:10 2020 +0200
COMPRESS-526 COMRESS-527 more potential runtime exceptions in deflate64
---
src/changes/changes.xml | 2 +-
.../deflate64/Deflate64CompressorInputStream.java | 4 +-
.../compressors/deflate64/HuffmanDecoder.java | 7 ++++
.../Deflate64CompressorInputStreamTest.java | 45 ++++++++++++++++++++++
4 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index a942390..fb47c04 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -89,7 +89,7 @@ The <action> type attribute can be add,update,fix,remove.
Added improved checks to detect corrupted deflate64 streams and
throw the expected IOException rather than obscure
RuntimeExceptions.
- See also COMPRESS-522 and COMPRESS-525.
+ See also COMPRESS-522, COMPRESS-525, COMPRESS-526, and COMPRESS-527.
</action>
</release>
<release version="1.20" date="2020-02-08"
diff --git a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
index 52ca191..c5434bf 100644
--- a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
@@ -83,8 +83,8 @@ public class Deflate64CompressorInputStream extends CompressorInputStream implem
if (decoder != null) {
try {
read = decoder.decode(b, off, len);
- } catch (IllegalStateException ex) {
- throw new IOException("Invalid Defalt64 input", ex);
+ } catch (RuntimeException ex) {
+ throw new IOException("Invalid Deflate64 input", ex);
}
compressedBytesRead = decoder.getBytesRead();
count(read);
diff --git a/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java b/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java
index 62715f3..87c3db9 100644
--- a/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java
+++ b/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java
@@ -462,6 +462,9 @@ class HuffmanDecoder implements Closeable {
for (int p = len - 1; p >= 0; p--) {
int bit = lit & (1 << p);
node = bit == 0 ? node.left() : node.right();
+ if (node == null) {
+ throw new IllegalStateException("node doesn't exist in Huffman tree");
+ }
}
node.leaf(i);
literalCodes[len - 1]++;
@@ -475,6 +478,10 @@ class HuffmanDecoder implements Closeable {
int[] blCount = new int[65];
for (int aLitTable : litTable) {
+ if (aLitTable < 0 || aLitTable > 64) {
+ throw new IllegalArgumentException("Invalid code " + aLitTable
+ + " in literal table");
+ }
max = Math.max(max, aLitTable);
blCount[aLitTable]++;
}
diff --git a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
index a6cbefd..f4f1aa2 100644
--- a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
+++ b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
@@ -233,6 +233,51 @@ public class Deflate64CompressorInputStreamTest {
});
}
+ /**
+ * @see https://issues.apache.org/jira/browse/COMPRESS-526
+ */
+ @Test(expected = IOException.class)
+ public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS526() throws Exception {
+ fuzzingTest(new int[] {
+ 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x09, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6f, 0x00, 0x00, 0x00,
+ 0x61, 0x4a, 0x04, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x53,
+ 0x07, 0x08, 0x43, 0xbe, 0xb7, 0xe8, 0x07, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
+ 0x08, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x62, 0x4a, 0x02, 0x04, 0x00, 0x00,
+ 0xff, 0xff, 0x50, 0x4b, 0x7f, 0x08, 0xf9, 0xef, 0xbe, 0x71,
+ 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x4b,
+ 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x63, 0x4a,
+ 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x4b, 0x07, 0x08,
+ 0x01, 0xdf, 0xb9, 0x06, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00,
+ 0x00, 0x00, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00,
+ 0x08
+ });
+ }
+
+ /**
+ * @see https://issues.apache.org/jira/browse/COMPRESS-527
+ */
+ @Test(expected = IOException.class)
+ public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS527() throws Exception {
+ fuzzingTest(new int[] {
+ 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00, 0x09, 0x00,
+ 0x84, 0xb6, 0xba, 0x46, 0x72, 0xb6, 0xfe, 0x77, 0x4a, 0x00,
+ 0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00,
+ 0x62, 0x62, 0x62, 0x55, 0x54, 0x09, 0x00, 0x03, 0xe7, 0xce,
+ 0x64, 0x55, 0xf3, 0xce, 0x64, 0x55, 0x75, 0x78, 0x0b, 0x00,
+ 0x01, 0x04, 0x5c, 0xf9, 0x01, 0x00, 0x04, 0x88, 0x13, 0x00,
+ 0x00, 0x1d, 0x8b, 0xc1, 0x0d, 0xc0, 0x30, 0x08, 0x03, 0xff,
+ 0x99, 0xc2, 0xab, 0x81, 0x50, 0x1a, 0xa8, 0x44, 0x1e, 0x56,
+ 0x30, 0x7f, 0x21, 0x1f, 0x5b, 0x3e, 0x9d, 0x85, 0x6e
+ });
+ }
+
private void fuzzingTest(final int[] bytes) throws Exception {
final int len = bytes.length;
final byte[] input = new byte[len];