commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohan Padhye (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COMPRESS-424) [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing malformed input
Date Mon, 27 Nov 2017 18:13:00 GMT

    [ https://issues.apache.org/jira/browse/COMPRESS-424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267172#comment-16267172
] 

Rohan Padhye commented on COMPRESS-424:
---------------------------------------

To be fair, the JVM does insert those bounds checks anyway in order to decide whether or not
throw an exception, so I am not sure how _considerable_ the slow down would be with additional
bounds check in Java.

That said, if several sources of {{ArrayIndexOutOfBounds}} are expected, then indeed catching
them and throwing an {{IOException}} instead would make the implementation consistent with
the API specification. My primary concern is that applications that process user-derived input
files should expect the decompression to either succeed or to fail using an {{IOException}},
such that they can handle either case in an application-specific way (e.g. show an error message
to the end-user). Throwing an undocumented unchecked exception would probably lead such an
application to crash unexpectedly or log the error in a top-level exception handling mechanism
instead of gracefully interacting with the end-user. Consequently, developers using the bzip2
API would be forced to explicitly handle {{ArrayIndexOutOfBounds}}, but this seems like an
implementation detail that is being leaked outside.

The risk with this approach, of course, is that any {{ArrayIndexOutOfBounds}} would be wrapped
in an {{IOException}}, even if there was a genuine bug in processing a well-formed file (and
would thus make such a hypothetical bug slightly harder to detect).

> [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing malformed input
> -------------------------------------------------------------------------------------
>
>                 Key: COMPRESS-424
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-424
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Compressors
>    Affects Versions: 1.14, 1.15
>            Reporter: Rohan Padhye
>            Priority: Minor
>         Attachments: bad1.bz2, bad2.bz2, bad3.bz2
>
>
> Encountered multiple unchecked exceptions thrown from {{BZip2CompressorInputStream.<init>}}
when parsing malformed files. 
> {{ArrayIndexOutOfBoundsException}} is an unchecked exception that is not documented in
this API; therefore, such exceptions can cause stability issues in applications that are not
expecting them. Instead, an {{IOException}} should be thrown indicating that the input stream
contains malformed data.
> Stack traces for three distinct (but possibly related) sources of exceptions follow:
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 65536
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.hbCreateDecodeTables(BZip2CompressorInputStream.java:422)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.createHuffmanDecodingTables(BZip2CompressorInputStream.java:546)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:518)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 6
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:493)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 18002
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:605)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> The inputs were found by mutating random bytes in a simple well-formed file (a compressed
string of zeros).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message