You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@commons.apache.org by bo...@apache.org on 2021/05/16 15:40:30 UTC

[commons-compress] branch master updated: COMPRESS-542 guard against integer overflow

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new 60d551a  COMPRESS-542 guard against integer overflow
60d551a is described below

commit 60d551a748236d7f4651a4ae88d5a351f7c5754b
Author: Stefan Bodewig <st...@innoq.com>
AuthorDate: Sun May 16 17:39:44 2021 +0200

    COMPRESS-542 guard against integer overflow
---
 .../java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
index 2d7bb77..521aed8 100644
--- a/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
@@ -943,6 +943,8 @@ public class SevenZFile implements Closeable {
             stats.numberOfUnpackSubStreams = stats.numberOfFolders;
         }
 
+        assertFitsIntoNonNegativeInt(stats.numberOfUnpackSubStreams);
+
         if (nid == NID.kSize) {
             for (final int numUnpackSubStreams : numUnpackSubStreamsPerFolder) {
                 if (numUnpackSubStreams == 0) {