This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new 882c6dd one more case where the JDK throwing RuntimeEx may hurt us
882c6dd is described below
commit 882c6dd12473d7b615d503e08fd6b866d0f866d5
Author: Stefan Bodewig <[email protected]>
AuthorDate: Thu May 13 20:50:41 2021 +0200
one more case where the JDK throwing RuntimeEx may hurt us
similar to 51265b23
Credit to OSS-Fuzz
---
.../java/org/apache/commons/compress/archivers/zip/ZipFile.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git
a/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
b/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
index 17f340b..a3a65a4 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
@@ -818,7 +818,13 @@ public class ZipFile implements Closeable {
final byte[] cdExtraData = new byte[extraLen];
IOUtils.readFully(archive, ByteBuffer.wrap(cdExtraData));
- ze.setCentralDirectoryExtra(cdExtraData);
+ try {
+ ze.setCentralDirectoryExtra(cdExtraData);
+ } catch (RuntimeException ex) {
+ final ZipException z = new ZipException("Invalid extra data in
entry " + ze.getName());
+ z.initCause(ex);
+ throw z;
+ }
setSizesAndOffsetFromZip64Extra(ze);
