Posted to commits@commons.apache.org by bo...@apache.org on 2020/05/24 10:18:50 UTC

[commons-compress] branch master updated: COMPRESS-526 COMRESS-527 more potential runtime exceptions in deflate64

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new e176d4b  COMPRESS-526 COMRESS-527 more potential runtime exceptions in deflate64
e176d4b is described below

commit e176d4b7d2a818dd7550c9dcb16250c3470869f2
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sun May 24 12:18:10 2020 +0200

    COMPRESS-526 COMRESS-527 more potential runtime exceptions in deflate64
---
 src/changes/changes.xml                            |  2 +-
 .../deflate64/Deflate64CompressorInputStream.java  |  4 +-
 .../compressors/deflate64/HuffmanDecoder.java      |  7 ++++
 .../Deflate64CompressorInputStreamTest.java        | 45 ++++++++++++++++++++++
 4 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index a942390..fb47c04 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -89,7 +89,7 @@ The <action> type attribute can be add,update,fix,remove.
         Added improved checks to detect corrupted deflate64 streams and
         throw the expected IOException rather than obscure
         RuntimeExceptions.
-        See also COMPRESS-522 and COMPRESS-525.
+        See also COMPRESS-522, COMPRESS-525, COMPRESS-526, and COMPRESS-527.
       </action>
     </release>
     <release version="1.20" date="2020-02-08"
diff --git a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
index 52ca191..c5434bf 100644
--- a/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStream.java
@@ -83,8 +83,8 @@ public class Deflate64CompressorInputStream extends CompressorInputStream implem
         if (decoder != null) {
             try {
                 read = decoder.decode(b, off, len);
-            } catch (IllegalStateException ex) {
-                throw new IOException("Invalid Defalt64 input", ex);
+            } catch (RuntimeException ex) {
+                throw new IOException("Invalid Deflate64 input", ex);
             }
             compressedBytesRead = decoder.getBytesRead();
             count(read);
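Review bot: The widened `catch (RuntimeException ex)` around `decoder.decode(b, off, len)` no longer distinguishes corrupt input from a caller or decoder bug, so every unchecked failure is now reported as `IOException("Invalid Deflate64 input")`. The start of this method is outside the hunk; if `b`, `off` and `len` are not validated before the `try`, an out-of-range argument would be misreported as a bad stream, so that validation should sit ahead of the `try`. A one-line comment on the catch would record the intent, for example `// the decoder signals malformed input with unchecked exceptions; map them to IOException for callers handling untrusted archives`.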
diff --git a/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java b/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java
index 62715f3..87c3db9 100644
--- a/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java
+++ b/src/main/java/org/apache/commons/compress/compressors/deflate64/HuffmanDecoder.java
@@ -462,6 +462,9 @@ class HuffmanDecoder implements Closeable {
                 for (int p = len - 1; p >= 0; p--) {
                     int bit = lit & (1 << p);
                     node = bit == 0 ? node.left() : node.right();
+                    if (node == null) {
+                        throw new IllegalStateException("node doesn't exist in Huffman tree");
+                    }
                 }
                 node.leaf(i);
                 literalCodes[len - 1]++;
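Review bot: The new `IllegalStateException` in the tree-walk loop says nothing about which entry failed, so a fuzzer report or production log cannot be tied back to the offending code. `len` and `i` (the value passed to `node.leaf(i)`) are both in scope, for example `throw new IllegalStateException("node doesn't exist in Huffman tree for symbol " + i + ", code length " + len);`. This check only reaches callers as an IOException through the catch in Deflate64CompressorInputStream, so a short comment noting that dependency would guard against someone narrowing that catch later. The enclosing method starts and ends outside the hunk.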
@@ -475,6 +478,10 @@ class HuffmanDecoder implements Closeable {
         int[] blCount = new int[65];
 
         for (int aLitTable : litTable) {
+            if (aLitTable < 0 || aLitTable > 64) {
+                throw new IllegalArgumentException("Invalid code " + aLitTable
+                    + " in literal table");
+            }
             max = Math.max(max, aLitTable);
             blCount[aLitTable]++;
         }
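Review bot: The upper bound `64` in the new range check duplicates the size of `blCount` (`new int[65]`) as a separate literal, so the guard and the array it protects can drift apart. Deriving the bound from the array keeps them in step: `if (aLitTable < 0 || aLitTable >= blCount.length) {`. This hunk also throws IllegalArgumentException where the previous hunk throws IllegalStateException for the same condition (malformed input); using one type for both would make the decoder's contract easier to document. The enclosing method continues outside the hunk.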
diff --git a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
index a6cbefd..f4f1aa2 100644
--- a/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
+++ b/src/test/java/org/apache/commons/compress/compressors/deflate64/Deflate64CompressorInputStreamTest.java
@@ -233,6 +233,51 @@ public class Deflate64CompressorInputStreamTest {
         });
     }
 
+    /**
+     * @see https://issues.apache.org/jira/browse/COMPRESS-526
+     */
+    @Test(expected = IOException.class)
+    public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS526() throws Exception {
+        fuzzingTest(new int[] {
+            0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x09, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6f, 0x00, 0x00, 0x00,
+            0x61, 0x4a, 0x04, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x53,
+            0x07, 0x08, 0x43, 0xbe, 0xb7, 0xe8, 0x07, 0x00, 0x00, 0x00,
+            0x01, 0x00, 0x00, 0x00, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
+            0x08, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x01, 0x00, 0x00, 0x00, 0x62, 0x4a, 0x02, 0x04, 0x00, 0x00,
+            0xff, 0xff, 0x50, 0x4b, 0x7f, 0x08, 0xf9, 0xef, 0xbe, 0x71,
+            0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x4b,
+            0x03, 0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x63, 0x4a,
+            0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x50, 0x4b, 0x07, 0x08,
+            0x01, 0xdf, 0xb9, 0x06, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00,
+            0x00, 0x00, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00,
+            0x08
+        });
+    }
+
+    /**
+     * @see https://issues.apache.org/jira/browse/COMPRESS-527
+     */
+    @Test(expected = IOException.class)
+    public void shouldThrowIOExceptionInsteadOfRuntimeExceptionCOMPRESS527() throws Exception {
+        fuzzingTest(new int[] {
+            0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00, 0x09, 0x00,
+            0x84, 0xb6, 0xba, 0x46, 0x72, 0xb6, 0xfe, 0x77, 0x4a, 0x00,
+            0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x1c, 0x00,
+            0x62, 0x62, 0x62, 0x55, 0x54, 0x09, 0x00, 0x03, 0xe7, 0xce,
+            0x64, 0x55, 0xf3, 0xce, 0x64, 0x55, 0x75, 0x78, 0x0b, 0x00,
+            0x01, 0x04, 0x5c, 0xf9, 0x01, 0x00, 0x04, 0x88, 0x13, 0x00,
+            0x00, 0x1d, 0x8b, 0xc1, 0x0d, 0xc0, 0x30, 0x08, 0x03, 0xff,
+            0x99, 0xc2, 0xab, 0x81, 0x50, 0x1a, 0xa8, 0x44, 0x1e, 0x56,
+            0x30, 0x7f, 0x21, 0x1f, 0x5b, 0x3e, 0x9d, 0x85, 0x6e
+        });
+    }
+
     private void fuzzingTest(final int[] bytes) throws Exception {
         final int len = bytes.length;
         final byte[] input = new byte[len];
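Review bot: Both new tests use `@Test(expected = IOException.class)`, which passes for any IOException raised anywhere inside `fuzzingTest` (its body continues outside the hunk). They would presumably still pass if the archive were rejected before the Deflate64 decoder is reached, and so would not catch a regression of this fix. Pinning the failure would make them real regression tests: catch the exception and assert on the message `"Invalid Deflate64 input"` or on a RuntimeException cause, assuming the decoder's IOException reaches the test unwrapped. The Javadoc `@see https://…` lines are not a valid `@see` form; `@see <a href="https://issues.apache.org/jira/browse/COMPRESS-526">COMPRESS-526</a>` renders as a link.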