You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by bo...@apache.org on 2013/02/20 20:22:39 UTC
svn commit: r1448357 - in /commons/proper/compress/trunk/src:
changes/changes.xml
main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
Author: bodewig
Date: Wed Feb 20 19:22:39 2013
New Revision: 1448357
URL: http://svn.apache.org/r1448357
Log:
COMPRESS-219 reading stored entries could try to read past the end of the internal buffer
Modified:
commons/proper/compress/trunk/src/changes/changes.xml
commons/proper/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
commons/proper/compress/trunk/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
Modified: commons/proper/compress/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/commons/proper/compress/trunk/src/changes/changes.xml?rev=1448357&r1=1448356&r2=1448357&view=diff
==============================================================================
--- commons/proper/compress/trunk/src/changes/changes.xml (original)
+++ commons/proper/compress/trunk/src/changes/changes.xml Wed Feb 20 19:22:39 2013
@@ -160,6 +160,10 @@ The <action> type attribute can be add,u
Updated XZ for Java dependency to 1.2 as this version
provides proper OSGi manifest attributes.
</action>
+ <action type="fix" date="2013-02-20" issue="COMPRESS-219">
+ Fixed a potential ArrayIndexOutOfBoundsException when
+ reading STORED entries from ZipArchiveInputStream.
+ </action>
</release>
<release version="1.4.1" date="2012-05-23"
description="Release 1.4.1">
Modified: commons/proper/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
URL: http://svn.apache.org/viewvc/commons/proper/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java?rev=1448357&r1=1448356&r2=1448357&view=diff
==============================================================================
--- commons/proper/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java (original)
+++ commons/proper/compress/trunk/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java Wed Feb 20 19:22:39 2013
@@ -426,9 +426,8 @@ public class ZipArchiveInputStream exten
current.bytesReadFromStream += buf.lengthOfLastRead;
}
- int toRead = length > buf.lengthOfLastRead
- ? buf.lengthOfLastRead - buf.offsetInBuffer
- : length;
+ int availableBytesInBuffer = buf.lengthOfLastRead - buf.offsetInBuffer;
+ int toRead = Math.min(availableBytesInBuffer, length);
if ((csize - current.bytesRead) < toRead) {
// if it is smaller than toRead then it fits into an int
toRead = (int) (csize - current.bytesRead);
Modified: commons/proper/compress/trunk/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
URL: http://svn.apache.org/viewvc/commons/proper/compress/trunk/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java?rev=1448357&r1=1448356&r2=1448357&view=diff
==============================================================================
--- commons/proper/compress/trunk/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java (original)
+++ commons/proper/compress/trunk/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java Wed Feb 20 19:22:39 2013
@@ -19,15 +19,22 @@
package org.apache.commons.compress.archivers.zip;
import static org.apache.commons.compress.AbstractTestCase.getFile;
+import static org.apache.commons.compress.AbstractTestCase.mkdir;
+import static org.apache.commons.compress.AbstractTestCase.rmdir;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.io.BufferedInputStream;
+import java.io.File;
import java.io.FileInputStream;
+import java.io.FileOutputStream;
import java.io.InputStream;
+import java.io.IOException;
+import java.io.OutputStream;
import org.junit.Test;
+import org.apache.commons.compress.utils.IOUtils;
public class ZipArchiveInputStreamTest {
@@ -93,4 +100,31 @@ public class ZipArchiveInputStreamTest {
assertArrayEquals(expected, actual);
zip.close();
}
+
+ /**
+ * @see "https://issues.apache.org/jira/browse/COMPRESS-219"
+ */
+ @Test
+ public void shouldReadNestedZip() throws IOException {
+ ZipArchiveInputStream in = null;
+ try {
+ in = new ZipArchiveInputStream(new FileInputStream(getFile("COMPRESS-219.zip")));
+ extractZipInputStream(in);
+ } finally {
+ if (in != null) {
+ in.close();
+ }
+ }
+ }
+
+ private void extractZipInputStream(final ZipArchiveInputStream in)
+ throws IOException {
+ ZipArchiveEntry zae = in.getNextZipEntry();
+ while (zae != null) {
+ if (zae.getName().endsWith(".zip")) {
+ extractZipInputStream(new ZipArchiveInputStream(in));
+ }
+ zae = in.getNextZipEntry();
+ }
+ }
}