commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeremy Gustie (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COMPRESS-331) Some non TAR files are recognized by ArchiveStreamFactory
Date Sat, 23 Jan 2016 20:40:39 GMT
Jeremy Gustie created COMPRESS-331:
--------------------------------------

             Summary: Some non TAR files are recognized by ArchiveStreamFactory
                 Key: COMPRESS-331
                 URL: https://issues.apache.org/jira/browse/COMPRESS-331
             Project: Commons Compress
          Issue Type: Bug
          Components: Archivers
    Affects Versions: 1.10
            Reporter: Jeremy Gustie


I ran into a case where a PNG file is being recognized as TAR because {{TarUtils.verifyCheckSum}}
reports it as having a valid checksum (in this case the code thinks the stored checksum is
36936, unsigned is 31155 and signed is 19635). Because the stored checksum value is larger
then the unsigned checksum it is treated as a valid TAR.

I haven't spent enough time digging into the problem to see if there is a good alternative
to the existing check that doesn't have false positives like this PNG file (which, if anyone
is interested comes from an Android download).

Also, I noticed a minor thing in the code: the comment in {{TarUtils.verifyCheckSum}} has
the wrong bug number listed (it says 177 instead of 117).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message