commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Bodewig (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COMPRESS-424) [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing malformed input
Date Tue, 28 Nov 2017 16:25:00 GMT

    [ https://issues.apache.org/jira/browse/COMPRESS-424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16268989#comment-16268989
] 

Stefan Bodewig commented on COMPRESS-424:
-----------------------------------------

Well, my "considerable" is a guess and maybe I should just try it (I do have a JMH setup to
look at the effects). For three places you've found there is no big problem to expect as this
is setup code that is run once per "block" of 900kB so the effects are probably minor.

For the code that really gets hit a lot we'll need some time to review it, it is not an easy
read and it's been quite some time since I last tried to wrap my head around it.

I understand where you are coming from but won't rule out you may find similar errors within
the other compressors or archivers as well.

> [bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing malformed input
> -------------------------------------------------------------------------------------
>
>                 Key: COMPRESS-424
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-424
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Compressors
>    Affects Versions: 1.14, 1.15
>            Reporter: Rohan Padhye
>            Priority: Minor
>         Attachments: bad1.bz2, bad2.bz2, bad3.bz2
>
>
> Encountered multiple unchecked exceptions thrown from {{BZip2CompressorInputStream.<init>}}
when parsing malformed files. 
> {{ArrayIndexOutOfBoundsException}} is an unchecked exception that is not documented in
this API; therefore, such exceptions can cause stability issues in applications that are not
expecting them. Instead, an {{IOException}} should be thrown indicating that the input stream
contains malformed data.
> Stack traces for three distinct (but possibly related) sources of exceptions follow:
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 65536
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.hbCreateDecodeTables(BZip2CompressorInputStream.java:422)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.createHuffmanDecodingTables(BZip2CompressorInputStream.java:546)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:518)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 6
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:493)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: 18002
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:605)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
> 	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)
> {noformat}
> The inputs were found by mutating random bytes in a simple well-formed file (a compressed
string of zeros).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message