Posted to commits@commons.apache.org by bo...@apache.org on 2020/01/21 12:21:33 UTC

[commons-compress] 02/04: still check nSelectors in not negative

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git

commit 70835c96f0adf6cf000df1892b21681a129d707a
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Tue Jan 21 13:12:34 2020 +0100

    still check nSelectors is not negative
    
    see #91
---
 .../compressors/bzip2/BZip2CompressorInputStream.java      | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
index 116772c..d6e1500 100644
--- a/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
+++ b/src/main/java/org/apache/commons/compress/compressors/bzip2/BZip2CompressorInputStream.java
@@ -494,7 +494,10 @@ public class BZip2CompressorInputStream extends CompressorInputStream
         final int alphaSize = this.nInUse + 2;
         /* Now the selectors */
         final int nGroups = bsR(bin, 3);
-        int nSelectors = bsR(bin, 15);
+        final int selectors = bsR(bin, 15);
+        if (selectors < 0) {
+            throw new IOException("Corrupted input, nSelectors value negative");
+        }
         checkBounds(alphaSize, MAX_ALPHA_SIZE + 1, "alphaSize");
         checkBounds(nGroups, N_GROUPS + 1, "nGroups");
 
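Review bot: The new guard `if (selectors < 0)` still accepts a selector count of zero, and a 15-bit read should only come back negative if bsR reports end-of-stream that way (bsR is not visible in this hunk). The reference bzip2 decoder treats a block with fewer than one selector as corrupt, so `if (selectors < 1)` with a message such as `"Corrupted input, nSelectors value too small"` would reject that malformed header at the point where it is read. The enclosing method starts and ends outside the hunk, so how a zero count behaves further down should be confirmed before tightening the check.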
@@ -502,17 +505,16 @@ public class BZip2CompressorInputStream extends CompressorInputStream
         // See https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/
         // and https://sourceware.org/ml/bzip2-devel/2019-q3/msg00007.html
 
-        for (int i = 0; i < nSelectors; i++) {
+        for (int i = 0; i < selectors; i++) {
             int j = 0;
             while (bsGetBit(bin)) {
                 j++;
             }
-            if (i < MAX_SELECTORS)
+            if (i < MAX_SELECTORS) {
                 selectorMtf[i] = (byte) j;
+            }
         }
-        if (nSelectors > MAX_SELECTORS) {
-            nSelectors = MAX_SELECTORS;
-        }
+        final int nSelectors = selectors > MAX_SELECTORS ? MAX_SELECTORS : selectors;
 
         /* Undo the MTF values for the selectors. */
         for (int v = nGroups; --v >= 0;) {
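Review bot: In the selector loop, `j` counts set bits with no upper bound and is then narrowed by `(byte) j`, so in a corrupted stream a run of 256 or more one-bits wraps to a small value that looks like a valid group index. Validating before the store, for example `if (j >= nGroups) { throw new IOException("Corrupted input, selector value out of range"); }`, fails early and keeps the truncation from masking the corruption. Any later range check on selectorMtf lies outside this hunk, so part of this may already be caught there, but it cannot see the bits lost in the cast. As a style point, `Math.min(selectors, MAX_SELECTORS)` reads more directly than the ternary on the `nSelectors` line.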