You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Stefan Bodewig (JIRA)" <ji...@apache.org> on 2013/04/15 06:28:15 UTC
[jira] [Resolved] (COMPRESS-222) ZipArchiveInputStream may read
incorrect bytes from stream when processing nested ZIP
[ https://issues.apache.org/jira/browse/COMPRESS-222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Bodewig resolved COMPRESS-222.
-------------------------------------
Resolution: Invalid
Whew, this time it's not commons-compress.
You don't check the return code of read and thus sometimes only read a partial header. I'll attach a patched version that really only ensures the header has been read completely and it does detect all tiffs.
> ZipArchiveInputStream may read incorrect bytes from stream when processing nested ZIP
> -------------------------------------------------------------------------------------
>
> Key: COMPRESS-222
> URL: https://issues.apache.org/jira/browse/COMPRESS-222
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Affects Versions: 1.5
> Reporter: Dmitry Katsubo
> Labels: zip
> Fix For: 1.6
>
> Attachments: ArchiveTest.java, ArchiveTest.java, log_read_whole_entry.txt, log.txt, md5.correct.txt
>
>
> The problem is relevant to COMPRESS-189, in particular it relates to processing of inner ZIP files.
> Problem description:
> If the archive entry is not fully read, then partial reading returns incorrect contents.
> In particular the given example loops trough all entries of "09815141_4.zip" ZIP archive, probing each entry to be a TIFF file. The probe assumes that given file is TIFF, if it starts with bytes [0x49 0x49 0x2A 0x0 0x8 0x0 0x0 0x0 0x14 0x0].
> Most entries are correctly reported as TIFF, except:
> {code}
> [ArchiveTest] 000017.tif is something else
> [ArchiveTest] Header contents: 0x49 0x49 0x2A 0x0 0x8 0x0 0x0 0x0 0x0 0x0
> [ArchiveTest] 000033.tif is something else
> [ArchiveTest] Header contents: 0x49 0x49 0x2A 0x0 0x0 0x0 0x0 0x0 0x0 0x0
> [ArchiveTest] 000056.tif is something else
> [ArchiveTest] Header contents: 0x49 0x49 0x2A 0x0 0x8 0x0 0x0 0x0 0x0 0x0
> [ArchiveTest] 000069.tif is something else
> [ArchiveTest] Header contents: 0x49 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
> {code}
> As I can see, the problem can be introduced at any random byte.
> If the program is set {{READ_WHOLE_ENTRY=true}} then all entries are fully read and MD5 sum is calculated. MD5 sum matches and all entries are correctly reported as TIFF. Thus the problem is only present when entry is not fully read and {{ArchiveInputStream.getNextEntry()}} is called.
> Test ZIP can be downloaded from: https://www.dropbox.com/s/h20wo6t0mwbgsqc/09815141_4.zip
> It was originally taken from WIPO FTP (i.e. it is in public domain) and was a bit stripped.
> Difficult to say what is the impact of this bug, but for 475 ZIP-in-ZIPs in my collection I have found 3 examples of incorrect contents extraction.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira