commons-issues mailing list archives

From "Stefan Bodewig (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COMPRESS-490) [lz4] Multiple unchecked exceptions when decompressing malformed input
Date Thu, 08 Aug 2019 15:59:00 GMT

    [ https://issues.apache.org/jira/browse/COMPRESS-490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16903094#comment-16903094 ]

Stefan Bodewig commented on COMPRESS-490:
-----------------------------------------

Alex, can I include the archives within our code base as examples for our unit test? Or in
legalese, are you contributing the archives under term 5 of the Apache License version 2.0
- [http://www.apache.org/licenses/LICENSE-2.0] ?

> [lz4] Multiple unchecked exceptions when decompressing malformed input
> ----------------------------------------------------------------------
>
>                 Key: COMPRESS-490
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-490
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Compressors
>    Affects Versions: 1.18
>         Environment: MacOS Mojave
> openjdk version "1.8.0_212"
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03)
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode)
>            Reporter: Alex Rebert
>            Assignee: Stefan Bodewig
>            Priority: Minor
>             Fix For: 1.19
>
>         Attachments: ArithmeticException, ArrayIndexOutOfBoundsException1, ArrayIndexOutOfBoundsException2
>
>
> Encountered multiple unchecked exceptions thrown from {{FramedLZ4CompressorInputStream.read}} when parsing malformed files.
> {{ArrayIndexOutOfBoundsException}} and {{ArithmeticException}} are unchecked exceptions that are not documented in this API; therefore, such exceptions can cause stability issues in applications that are not expecting them. Instead, an {{IOException}} should be thrown indicating that the input stream contains malformed data.
> Stack traces for three distinct (but possibly related) sources of exceptions follow:
> {noformat}
> java.lang.ArithmeticException: / by zero
>         at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.tryToCopy(AbstractLZ77CompressorInputStream.java:314)
>         at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.readBackReference(AbstractLZ77CompressorInputStream.java:291)
>         at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:83)
>         at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.readOnce(FramedLZ4CompressorInputStream.java:328)
>         at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.read(FramedLZ4CompressorInputStream.java:145)
>         at java.io.InputStream.read(InputStream.java:101)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException
>         at java.lang.System.arraycopy(Native Method)
>         at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.tryToCopy(AbstractLZ77CompressorInputStream.java:308)
>         at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.readBackReference(AbstractLZ77CompressorInputStream.java:291)
>         at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:83)
>         at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.readOnce(FramedLZ4CompressorInputStream.java:328)
>         at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.read(FramedLZ4CompressorInputStream.java:145)
>         at java.io.InputStream.read(InputStream.java:101)
> {noformat}
> {noformat}
> java.lang.ArrayIndexOutOfBoundsException: -1
>         at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.tryToCopy(AbstractLZ77CompressorInputStream.java:304)
>         at org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream.readBackReference(AbstractLZ77CompressorInputStream.java:291)
>         at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:83)
>         at org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream.read(BlockLZ4CompressorInputStream.java:75)
>         at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.readOnce(FramedLZ4CompressorInputStream.java:328)
>         at org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream.read(FramedLZ4CompressorInputStream.java:145)
>         at java.io.InputStream.read(InputStream.java:101)
> {noformat}
> The inputs were automatically generated by fuzzing, by repeatedly mutating random bytes in a well-formed file.
>  



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
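
The failure mode in the quoted report (a decoder's `read` throwing `ArithmeticException` or `ArrayIndexOutOfBoundsException` instead of a documented `IOException`) can be contained on the caller's side. The following is an added example, not code from this message or from Commons Compress; `MalformedInputGuard` is a hypothetical class name, and the faulty stream in `main` is a constructed stand-in for a decoder given malformed input.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

/** Hypothetical caller-side guard: surfaces a decoder's unchecked exceptions as IOException. */
public class MalformedInputGuard extends FilterInputStream {

    public MalformedInputGuard(InputStream decoder) {
        super(decoder);
    }

    @Override
    public int read() throws IOException {
        try {
            return in.read();
        } catch (RuntimeException e) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new IOException("malformed compressed input", e);
        }
    }

    @Override
    public int read(byte[] buf, int off, int len) throws IOException {
        try {
            return in.read(buf, off, len);
        } catch (RuntimeException e) {
            throw new IOException("malformed compressed input", e);
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for a decoder that fails the way the report describes.
        // In an application this would be e.g. new FramedLZ4CompressorInputStream(rawIn).
        InputStream faulty = new ByteArrayInputStream(new byte[] {1, 2, 3}) {
            @Override
            public synchronized int read(byte[] b, int off, int len) {
                int offset = 0;
                return len % offset; // throws ArithmeticException: / by zero
            }
        };
        try (InputStream guarded = new MalformedInputGuard(faulty)) {
            guarded.read(new byte[16]);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage() + " (" + e.getCause() + ")");
        }
    }
}
```

The guard also wraps unchecked exceptions caused by the caller's own arguments (for example a bad `off`/`len`), so the preserved cause should be logged rather than discarded.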
