commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Bodewig (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COMPRESS-447) ArrayIndexOutOfBoundsException in ZipFile
Date Sun, 22 Apr 2018 15:47:00 GMT

    [ https://issues.apache.org/jira/browse/COMPRESS-447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16447272#comment-16447272
] 

Stefan Bodewig commented on COMPRESS-447:
-----------------------------------------

I've put the exception handler into {{ExtraFieldUtils#parse}} as all parsing of extra fields
is handled here. See https://github.com/apache/commons-compress/commit/bd3e6cf204f249c2d60eca2268c8b9f402149f1b


> ArrayIndexOutOfBoundsException in ZipFile
> -----------------------------------------
>
>                 Key: COMPRESS-447
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-447
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Archivers
>            Reporter: floyd
>            Priority: Major
>             Fix For: 1.17
>
>         Attachments: 7_uncaught_ArrayIndexOutOfBoundsException_1.zip, 7_uncaught_ArrayIndexOutOfBoundsException_2.zip
>
>
> As part of a fuzzing run for a larger software that uses Apache Commons Compress ZipFile
with the AFL-based Kelinci fuzzer found at https://github.com/isstac/kelinci I found the following
ArrayIndexOutOfBoundsException issues:
> {code:java}
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
>     at java.lang.System.arraycopy(Native Method)
>     at org.apache.commons.compress.archivers.zip.X7875_NewUnix.parseFromLocalFileData(X7875_NewUnix.java:224)
>     at org.apache.commons.compress.archivers.zip.ExtraFieldUtils.parse(ExtraFieldUtils.java:179)
>     at org.apache.commons.compress.archivers.zip.ZipArchiveEntry.setExtra(ZipArchiveEntry.java:571)
>     at org.apache.commons.compress.archivers.zip.ZipFile.resolveLocalFileHeaderData(ZipFile.java:1042)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:291)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:213)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:196)
>     at org.apache.commons.compress.archivers.zip.ZipFile.<init>(ZipFile.java:157){code}
> The issue can be reproduced with the attached files.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message