Simple and pragmatic :-)

Gary

On Sun, Apr 22, 2018, 09:45 <bode...@apache.org> wrote:

> Repository: commons-compress
> Updated Branches:
>   refs/heads/master 777853369 -> 166b186e8
>
>
> COMPRESS-447 turn ArrayIndexOutOfBoundsExceptions into ZipExceptions
>
>
> Project: http://git-wip-us.apache.org/repos/asf/commons-compress/repo
> Commit:
> http://git-wip-us.apache.org/repos/asf/commons-compress/commit/bd3e6cf2
> Tree:
> http://git-wip-us.apache.org/repos/asf/commons-compress/tree/bd3e6cf2
> Diff:
> http://git-wip-us.apache.org/repos/asf/commons-compress/diff/bd3e6cf2
>
> Branch: refs/heads/master
> Commit: bd3e6cf204f249c2d60eca2268c8b9f402149f1b
> Parents: 7778533
> Author: Stefan Bodewig <bode...@apache.org>
> Authored: Sun Apr 22 17:44:25 2018 +0200
> Committer: Stefan Bodewig <bode...@apache.org>
> Committed: Sun Apr 22 17:44:25 2018 +0200
>
> ----------------------------------------------------------------------
>  src/changes/changes.xml                         |  5 ++++
>  .../compress/archivers/zip/ExtraFieldUtils.java |  5 ++++
>  .../archivers/zip/ExtraFieldUtilsTest.java      | 29 ++++++++++++++++++++
>  3 files changed, 39 insertions(+)
> ----------------------------------------------------------------------
>
>
>
> http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/changes/changes.xml
> ----------------------------------------------------------------------
> diff --git a/src/changes/changes.xml b/src/changes/changes.xml
> index 31b2439..e1d5ecc 100644
> --- a/src/changes/changes.xml
> +++ b/src/changes/changes.xml
> @@ -55,6 +55,11 @@ The <action> type attribute can be
> add,update,fix,remove.
>          Fixed some code examples.
>          Github Pull Request #63.
>        </action>
> +      <action issue="COMPRESS-447" type="fix" date="2018-04-22">
> +        Certain errors when parsing ZIP extra fields in corrupt
> +        archives are now turned into ZipException, they used to
> +        manifest as ArrayIndexOutOfBoundsException before.
> +      </action>
>      </release>
>      <release version="1.16.1" date="2018-02-10"
>               description="Release 1.16.1">
>
>
> http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> ----------------------------------------------------------------------
> diff --git
> a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> index 14691c4..b41dbb6 100644
> ---
> a/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> +++
> b/src/main/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtils.java
> @@ -175,12 +175,17 @@ public class ExtraFieldUtils {
>              }
>              try {
>                  final ZipExtraField ze = createExtraField(headerId);
> +                try {
>                  if (local) {
>                      ze.parseFromLocalFileData(data, start + WORD, length);
>                  } else {
>                      ze.parseFromCentralDirectoryData(data, start + WORD,
>                                                       length);
>                  }
> +                } catch (ArrayIndexOutOfBoundsException aiobe) {
> +                    throw (ZipException) new ZipException("Failed to
> parse corrupt ZIP extra field of type "
> +                        +
> Integer.toHexString(headerId.getValue())).initCause(aiobe);
> +                }
>                  v.add(ze);
>              } catch (final InstantiationException |
> IllegalAccessException ie) {
>                  throw (ZipException) new
> ZipException(ie.getMessage()).initCause(ie);
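Review bot: The new inner `catch` around `parseFromLocalFileData`/`parseFromCentralDirectoryData` handles only `ArrayIndexOutOfBoundsException`, so any other unchecked exception a field parser raises on corrupt data (for instance a plain `IndexOutOfBoundsException`, or a `NegativeArraySizeException` from a bogus length) would still escape to callers that expect `ZipException` for malformed archives. Extra-field bytes come straight from the archive being read, so consider widening the clause to `} catch (IndexOutOfBoundsException | NegativeArraySizeException e) {`. Whether any `ZipExtraField` implementation actually throws those is not visible from this hunk and should be confirmed. The guarded `if (local) { ... } else { ... }` block was also left at its old indentation under the new `try`, which hides the nesting. The enclosing method starts and ends outside this hunk.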
>
>
> http://git-wip-us.apache.org/repos/asf/commons-compress/blob/bd3e6cf2/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> ----------------------------------------------------------------------
> diff --git
> a/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> b/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> index 3803817..56b7d76 100644
> ---
> a/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> +++
> b/src/test/java/org/apache/commons/compress/archivers/zip/ExtraFieldUtilsTest.java
> @@ -23,6 +23,8 @@ import static org.junit.Assert.*;
>  import org.junit.Before;
>  import org.junit.Test;
>
> +import java.util.zip.ZipException;
> +
>  /**
>   * JUnit testcases for
> org.apache.commons.compress.archivers.zip.ExtraFieldUtils.
>   *
> @@ -93,6 +95,33 @@ public class ExtraFieldUtilsTest implements UnixStat {
>                           e.getMessage());
>          }
>      }
> +
> +    @Test
> +    public void parseTurnsArrayIndexOutOfBoundsIntoZipException() throws
> Exception {
> +        AsiExtraField f = new AsiExtraField();
> +        f.setLinkedFile("foo");
> +        byte[] l = f.getLocalFileDataData();
> +        // manipulate size of path name to read 4 rather than 3
> +        l[9] = 4;
> +        // and fake CRC so we actually reach the AIOBE
> +        l[0] = (byte) 0x52;
> +        l[1] = (byte) 0x26;
> +        l[2] = (byte) 0x18;
> +        l[3] = (byte) 0x19;
> +        byte[] d = new byte[4 + l.length];
> +        System.arraycopy(f.getHeaderId().getBytes(), 0, d, 0, 2);
> +        System.arraycopy(f.getLocalFileDataLength().getBytes(), 0, d, 2,
> 2);
> +        System.arraycopy(l, 0, d, 4, l.length);
> +        try {
> +            ExtraFieldUtils.parse(d);
> +            fail("data should be invalid");
> +        } catch (final ZipException e) {
> +            assertEquals("message",
> +                         "Failed to parse corrupt ZIP extra field of type
> 756e",
> +                         e.getMessage());
> +        }
> +    }
> +
>      @Test
>      public void testParseCentral() throws Exception {
>          final ZipExtraField[] ze = ExtraFieldUtils.parse(data,false);
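Review bot: The new test `parseTurnsArrayIndexOutOfBoundsIntoZipException` pins only the exception message, so it would still pass if the original exception were no longer attached as the cause. Adding `assertTrue(e.getCause() instanceof ArrayIndexOutOfBoundsException);` in the catch block would cover the `initCause` call. The test also calls only `ExtraFieldUtils.parse(d)`, which presumably takes the local-data branch, so the `parseFromCentralDirectoryData` side of the same guard is unexercised; a second case using `ExtraFieldUtils.parse(d, false)` would close that gap. A short comment on how the four CRC bytes written to `l[0]`..`l[3]` were computed would help whoever has to change the fixture later.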
>
>
