commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohan Padhye (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COMPRESS-424) [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing malformed input
Date Thu, 19 Oct 2017 06:26:00 GMT
Rohan Padhye created COMPRESS-424:
-------------------------------------

             Summary: [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing
malformed input
                 Key: COMPRESS-424
                 URL: https://issues.apache.org/jira/browse/COMPRESS-424
             Project: Commons Compress
          Issue Type: Bug
          Components: Compressors
    Affects Versions: 1.15, 1.14
            Reporter: Rohan Padhye
            Priority: Minor


Encountered multiple unchecked exceptions thrown from {{BZip2CompressorInputStream.<init>}}
when parsing malformed files. 

{{ArrayIndexOutOfBoundsException}} is an unchecked exception that is not documented in this
API; therefore, such exceptions can cause stability issues in applications that are not expecting
them. Instead, an {{IOException}} should be thrown indicating that the input stream contains
malformed data.

Stack traces for three distinct (but possibly related) sources of exceptions follow:

{noformat}
java.lang.ArrayIndexOutOfBoundsException: 65536
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.hbCreateDecodeTables(BZip2CompressorInputStream.java:422)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.createHuffmanDecodingTables(BZip2CompressorInputStream.java:546)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:518)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
{noformat}


{noformat}
java.lang.ArrayIndexOutOfBoundsException: 6
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:493)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)

{noformat}


{noformat}
java.lang.ArrayIndexOutOfBoundsException: 18002
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:605)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
{noformat}

The inputs were found by mutating random bytes in a simple well-formed file (a compressed
string of zeros).





--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message