This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push:
new c5b60ca avoid NPE when there is no GNU tar extended header where one
should be
c5b60ca is described below
commit c5b60cabd77773ca50072f2eb1a9aec36c89babf
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sat Jun 5 08:50:00 2021 +0200
avoid NPE when there is no GNU tar extended header where one should be
Credit to OSS-Fuzz
---
src/changes/changes.xml | 5 +++++
.../apache/commons/compress/archivers/tar/TarArchiveInputStream.java | 3 +--
src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java | 3 +--
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 82dd735..439187b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -356,6 +356,11 @@ The <action> type attribute can be add,update,fix,remove.
due-to="Brett Okken">
gzip deflate buffer size is now configurable.
</action>
+ <action type="fix" date="2021-06-05">
+ The parser for GNU sparse tar headers could throw a
+ NullPointerExcpetion rather than an IOException if the archive
+ ended while more sparse headers were expected.
+ </action>
</release>
<release version="1.20" date="2020-02-08"
description="Release 1.20 (Java 7)">
diff --git
a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
index 7ff96eb..6311bd3 100644
---
a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
+++
b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
@@ -643,8 +643,7 @@ public class TarArchiveInputStream extends
ArchiveInputStream {
do {
final byte[] headerBuf = getRecord();
if (headerBuf == null) {
- currEntry = null;
- break;
+ throw new IOException("premature end of tar archive.
Didn't find extended_header after header with extended flag.");
}
entry = new TarArchiveSparseEntry(headerBuf);
currEntry.getSparseHeaders().addAll(entry.getSparseHeaders());
diff --git
a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
index 34d9351..148d573 100644
--- a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
@@ -310,8 +310,7 @@ public class TarFile implements Closeable {
do {
final ByteBuffer headerBuf = getRecord();
if (headerBuf == null) {
- currEntry = null;
- break;
+ throw new IOException("premature end of tar archive.
Didn't find extended_header after header with extended flag.");
}
entry = new TarArchiveSparseEntry(headerBuf.array());
currEntry.getSparseHeaders().addAll(entry.getSparseHeaders());
