You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Stefan Bodewig (JIRA)" <ji...@apache.org> on 2019/04/18 18:58:00 UTC
[jira] [Created] (COMPRESS-482) ZipArchiveInputStream's "data
descriptor for stored entries" feature doesn't work if the data descriptor
doesn't contain a signature
Stefan Bodewig created COMPRESS-482:
---------------------------------------
Summary: ZipArchiveInputStream's "data descriptor for stored entries" feature doesn't work if the data descriptor doesn't contain a signature
Key: COMPRESS-482
URL: https://issues.apache.org/jira/browse/COMPRESS-482
Project: Commons Compress
Issue Type: Bug
Components: Archivers
Affects Versions: 1.18
Reporter: Stefan Bodewig
Assignee: Stefan Bodewig
Fix For: 1.19
In the first branch of the next block from {{bufferContainSignature}}
{code:java}
if ((buf.array()[i + 2] == LFH[2] && buf.array()[i + 3] == LFH[3])
|| (buf.array()[i] == CFH[2] && buf.array()[i + 3] == CFH[3])) {
// found a LFH or CFH:
readTooMuch = offset + lastRead - i - expectedDDLen;
done = true;
}
else if (buf.array()[i + 2] == DD[2] && buf.array()[i + 3] == DD[3]) {
// found DD:
readTooMuch = offset + lastRead - i;
done = true;
}
{code}
{{readTooMuch}} should probably add {{expectedDDLen}} rather than subtract it. It leaves the DD inside of the read stream for the last stored entry rather than positioning the stream in front of it. Unfortunately we don't seem to have a single unit test that would execute the branch.
Also the current implementation of {{bufferContainSignature}} will stop when a local file header is found even before enough data for a data descriptor has been read at all. In COMPRESS-480 it will detect the very first local file header in the embedded XPI file at offset 0 even though there must be twelve bytes of data descriptor before the first candidate.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)