Posted to issues@commons.apache.org by "Alex Rebert (JIRA)" <ji...@apache.org> on 2019/07/24 14:21:00 UTC

[jira] [Created] (COMPRESS-490) [lz4] Multiple unchecked exceptions when decompressing malformed input

Alex Rebert created COMPRESS-490:
------------------------------------

             Summary: [lz4] Multiple unchecked exceptions when decompressing malformed input
                 Key: COMPRESS-490
                 URL: https://issues.apache.org/jira/browse/COMPRESS-490
             Project: Commons Compress
          Issue Type: Bug
          Components: Compressors
    Affects Versions: 1.18
         Environment: MacOS Mojave
                      openjdk version "1.8.0_212"
                      OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03)
                      OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode)
            Reporter: Alex Rebert
         Attachments: ArithmeticException, ArrayIndexOutOfBoundsException1, ArrayIndexOutOfBoundsException2

Encountered multiple unchecked exceptions thrown from {{FramedLZ4CompressorInputStream.read}} when parsing malformed files.

{{ArrayIndexOutOfBoundsException}} and {{ArithmeticException}} are unchecked exceptions that are not documented in this API; therefore, such exceptions can cause stability issues in applications that are not expecting them. Instead, an {{IOException}} should be thrown indicating that the input stream contains malformed data.

Stack traces for three distinct (but possibly related) sources of exceptions follow:
{noformat}
java.lang.ArithmeticException: / by zero
        at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.tryToCopy(AbstractLZ77CompressorInputStream.java:314)
        at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.readBackReference(AbstractLZ77CompressorInputStream.java:291)
        at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:83)
        at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.readOnce(FramedLZ4CompressorInputStream.java:328)
        at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.read(FramedLZ4CompressorInputStream.java:145)
        at java.io.InputStream.read(InputStream.java:101)
{noformat}
{noformat}
java.lang.ArrayIndexOutOfBoundsException
        at java.lang.System.arraycopy(Native Method)
        at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.tryToCopy(AbstractLZ77CompressorInputStream.java:308)
        at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.readBackReference(AbstractLZ77CompressorInputStream.java:291)
        at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:83)
        at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.readOnce(FramedLZ4CompressorInputStream.java:328)
        at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.read(FramedLZ4CompressorInputStream.java:145)
        at java.io.InputStream.read(InputStream.java:101)
{noformat}
{noformat}
java.lang.ArrayIndexOutOfBoundsException: -1
        at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.tryToCopy(AbstractLZ77CompressorInputStream.java:304)
        at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.readBackReference(AbstractLZ77CompressorInputStream.java:291)
        at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:83)
        at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:75)
        at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.readOnce(FramedLZ4CompressorInputStream.java:328)
        at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.read(FramedLZ4CompressorInputStream.java:145)
        at java.io.InputStream.read(InputStream.java:101)
{noformat}

The inputs were automatically generated by fuzzing, by repeatedly mutating random bytes in a well-formed file.
 



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
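
A caller-side way to get the behaviour the report asks for on the affected version, as an added example that is not part of the original report or of Commons Compress: a wrapper that turns unchecked exceptions escaping the decoder's read calls into IOException. The class name MalformedInputGuard and the stand-in stream in main are assumptions made for illustration.

```java
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

/** Hypothetical caller-side guard: reports a decoder's RuntimeExceptions as IOException. */
public class MalformedInputGuard extends FilterInputStream {
    private boolean failed; // after a decoder failure its internal state cannot be trusted
    public MalformedInputGuard(InputStream decoder) { super(decoder); }

    @Override
    public int read() throws IOException {
        if (failed) throw new IOException("stream already failed on malformed input");
        try {
            return in.read();
        } catch (RuntimeException e) {
            throw malformed(e);
        }
    }

    @Override
    public int read(byte[] b, int off, int len) throws IOException {
        if (failed) throw new IOException("stream already failed on malformed input");
        // A bad off/len is the caller's bug, so let it surface unchanged.
        if (off < 0 || len < 0 || len > b.length - off) throw new IndexOutOfBoundsException();
        try {
            return in.read(b, off, len);
        } catch (RuntimeException e) {
            throw malformed(e);
        }
    }

    private IOException malformed(RuntimeException cause) {
        failed = true;
        return new IOException("malformed compressed input", cause);
    }

    public static void main(String[] args) {
        // Constructed stand-in; in real use wrap new FramedLZ4CompressorInputStream(rawIn).
        InputStream broken = new InputStream() {
            @Override public int read() { throw new ArithmeticException("/ by zero"); }
        };
        try {
            new MalformedInputGuard(broken).read(new byte[16]);
        } catch (IOException e) {
            System.out.println(e.getMessage() + " <- " + e.getCause());
        }
    }
}
```

The guard refuses further reads after the first failure, so a caller that catches the IOException cannot keep pulling bytes from a decoder left in an inconsistent state.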