You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Robin Schimpf (Jira)" <ji...@apache.org> on 2023/07/09 16:28:00 UTC

[jira] [Created] (COMPRESS-647) ArrayIndexOutOfBoundsException when reading Zip with data descriptor entries

Robin Schimpf created COMPRESS-647:
--------------------------------------

             Summary: ArrayIndexOutOfBoundsException when reading Zip with data descriptor entries
                 Key: COMPRESS-647
                 URL: https://issues.apache.org/jira/browse/COMPRESS-647
             Project: Commons Compress
          Issue Type: Bug
    Affects Versions: 1.23.0
            Reporter: Robin Schimpf
         Attachments: crash-commons-compress-ZipArchiveInputStream-dataDescriptor

The attached fuzzed zip file fails to open with the following test when the {{allowStoredEntriesWithDataDescriptor }}value is {{{}true{}}}.
{code:java}
@ParameterizedTest
@ValueSource(booleans = {true, false})
public void zipInputStream(final boolean allowStoredEntriesWithDataDescriptor) {
    try (ZipArchiveInputStream zIn = new ZipArchiveInputStream(Files.newInputStream(Paths.get("crash-commons-compress-ZipArchiveInputStream-dataDescriptor")), "UTF-8", false, allowStoredEntriesWithDataDescriptor)) {
        ZipArchiveEntry zae = zIn.getNextZipEntry();
        while (zae != null) {
            zae = zIn.getNextZipEntry();
        }
    } catch (IOException e) {
        // Ignore expected exception
    }
} {code}
The exception is
{code:java}
java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -6 out of bounds for byte[512]    at java.base/java.lang.System.arraycopy(Native Method)
    at java.base/java.io.PushbackInputStream.unread(PushbackInputStream.java:232)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.pushback(ZipArchiveInputStream.java:979)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.bufferContainsSignature(ZipArchiveInputStream.java:471)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStoredEntry(ZipArchiveInputStream.java:1282)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.readStored(ZipArchiveInputStream.java:1211)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.read(ZipArchiveInputStream.java:1013)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.skip(ZipArchiveInputStream.java:1343)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.closeEntry(ZipArchiveInputStream.java:562)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getNextZipEntry(ZipArchiveInputStream.java:735)
    at org.apache.commons.compress.archivers.zip.ZipArchiveInputStreamTest.zipInputStream(ZipArchiveInputStreamTest.java:765) {code}
I also tried to open the file with the ZipFile class and the crash does not occure there. Seems to only affect the stream implementation with that specific option.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)