You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Stefan Bodewig (JIRA)" <ji...@apache.org> on 2018/04/23 10:02:00 UTC
[jira] [Resolved] (COMPRESS-447) ArrayIndexOutOfBoundsException in
ZipFile
[ https://issues.apache.org/jira/browse/COMPRESS-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Bodewig resolved COMPRESS-447.
-------------------------------------
Resolution: Fixed
Great, thanks!
> ArrayIndexOutOfBoundsException in ZipFile
> -----------------------------------------
>
> Key: COMPRESS-447
> URL: https://issues.apache.org/jira/browse/COMPRESS-447
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Reporter: floyd
> Priority: Major
> Fix For: 1.17
>
> Attachments: 7_uncaught_ArrayIndexOutOfBoundsException_1.zip, 7_uncaught_ArrayIndexOutOfBoundsException_2.zip
>
>
> As part of a fuzzing run for a larger software that uses Apache Commons Compress ZipFile with the AFL-based Kelinci fuzzer found at https://github.com/isstac/kelinci I found the following ArrayIndexOutOfBoundsException issues:
> {code:java}
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
> at java.lang.System.arraycopy(Native Method)
> at org.apache.commons.compress.archivers.zip.X7875_NewUnix.parseFromLocalFileData(X7875_NewUnix.java:224)
> at org.apache.commons.compress.archivers.zip.ExtraFieldUtils.parse(ExtraFieldUtils.java:179)
> at org.apache.commons.compress.archivers.zip.ZipArchiveEntry.setExtra(ZipArchiveEntry.java:571)
> at org.apache.commons.compress.archivers.zip.ZipFile.resolveLocalFileHeaderData(ZipFile.java:1042)
> at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:291)
> at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:213)
> at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:196)
> at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:157){code}
> The issue can be reproduced with the attached files.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)