This is an automated email from the ASF dual-hosted git repository. ggregory pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
commit 90a4d8b3e6bc261af0196ea356f974111001fd15 Author: Gary Gregory <garydgreg...@gmail.com> AuthorDate: Fri Sep 30 09:21:00 2022 -0400 [COMPRESS-626] OutOfMemoryError on malformed pack200 attributes --- src/changes/changes.xml | 3 +++ .../compress/harmony/pack200/NewAttributeBands.java | 14 +++++++++----- .../harmony/unpack200/NewAttributeBands.java | 20 ++++++++++++++------ .../harmony/unpack200/tests/Compress626Test.java | 19 +++++++++---------- 4 files changed, 35 insertions(+), 21 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 946d33e3..2ad3ad6b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -112,6 +112,9 @@ The <action> type attribute can be add,update,fix,remove.
 <action issue="COMPRESS-625" type="fix" dev="ggregory" due-to="MrBump, Gary Gregory">
 Update Wikipedia link in TarUtils.java:627.
 </action>
+ <action issue="COMPRESS-626" type="fix" dev="ggregory" due-to="Andrii Hudz, Gary Gregory">
+ OutOfMemoryError on malformed pack200 attributes.
+ </action>
 <!-- ADD -->
 <action issue="COMPRESS-602" type="add" dev="ggregory" due-to="Postelnicu George, Gary Gregory">
 Migrate zip package to use NIO #236.
diff --git a/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java b/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java
index 4bcf696a..b091b78b 100644
--- a/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java
+++ b/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java
@@ -168,11 +168,11 @@ public class NewAttributeBands extends BandSet {
 private AttributeLayoutElement readNextAttributeElement(final StringReader reader) throws IOException {
 reader.mark(1);
- final int nextChar = reader.read();
- if (nextChar == -1) {
+ final int next = reader.read();
+ if (next == -1) {
 return null;
 }
- if (nextChar == '[') {
+ if (next == '[') {
 return new Callable(readBody(getStreamUpToMatchingBracket(reader)));
 }
 reader.reset();
@@ -272,7 +272,7 @@ public class NewAttributeBands extends BandSet {
 reader.mark(2);
 reader.read(); // '('
 char next = (char) reader.read();
- if (next == ')') {
+ if (next == ')' || next == -1) {
 reader.reset();
 return null;
 }
@@ -860,7 +860,11 @@ public class NewAttributeBands extends BandSet {
 final StringBuilder sb = new StringBuilder();
 int foundBracket = -1;
 while (foundBracket != 0) {
- final char c = (char) reader.read();
+ int read = reader.read();
+ if (read == -1) {
+ break;
+ }
+ final char c = (char) read;
 if (c == ']') {
 foundBracket++;
 }
diff --git a/src/main/java/org/apache/commons/compress/harmony/unpack200/NewAttributeBands.java b/src/main/java/org/apache/commons/compress/harmony/unpack200/NewAttributeBands.java
index 6690b6db..f27a07ba 100644
--- a/src/main/java/org/apache/commons/compress/harmony/unpack200/NewAttributeBands.java
+++ b/src/main/java/org/apache/commons/compress/harmony/unpack200/NewAttributeBands.java
@@ -192,11 +192,11 @@ public class NewAttributeBands extends BandSet {
 private AttributeLayoutElement readNextAttributeElement(final StringReader stream) throws IOException {
 stream.mark(1);
- final int nextChar = stream.read();
- if (nextChar == -1) {
+ final int next = stream.read();
+ if (next == -1) {
 return null;
 }
- if (nextChar == '[') {
+ if (next == '[') {
 return new Callable(readBody(getStreamUpToMatchingBracket(stream)));
 }
 stream.reset();
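Review bot: The added `next == -1` test in the `@@ -272` hunk can never be true, because `next` is declared `char` and `(char) reader.read()` turns an end-of-stream -1 into `'\uffff'`, which promotes to 65535 in the comparison. A layout that ends right after `(` therefore still falls through to the code below the guard instead of taking the reset-and-return-null path. Keep the value as an int until it has been checked, e.g. `final int next = reader.read();` followed by `if (next == ')' || next == -1) {`, and cast to char only afterwards if the rest of the method needs one. The same dead comparison is added in the `@@ -293` hunk of unpack200/NewAttributeBands.java (written there as `')'|| next`, with a missing space). The enclosing method starts and ends outside both hunks.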
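Review bot: Breaking out of the loop at end of stream in the `@@ -860` hunk stops the unbounded append, but the unbalanced bracket goes unreported: the code after the loop (outside this hunk) presumably carries on with the partial `sb` as if a matching `]` had been found. For a parser that reads layout strings from untrusted archives it is safer to fail closed, for example by replacing `break;` with `throw new IOException("Unmatched '[' in attribute layout");` if the enclosing method declares it, or else by adding a comment that says why truncated layouts are tolerated. `int read` should also be `final` to match the surrounding declarations. The same applies to the `@@ -865` and `@@ -913` hunks in unpack200/NewAttributeBands.java.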
@@ -293,7 +293,7 @@ public class NewAttributeBands extends BandSet {
 stream.mark(2);
 stream.read(); // '('
 char next = (char) stream.read();
- if (next == ')') {
+ if (next == ')'|| next == -1) {
 stream.reset();
 return null;
 }
@@ -865,7 +865,11 @@ public class NewAttributeBands extends BandSet {
 final StringBuilder sb = new StringBuilder();
 int foundBracket = -1;
 while (foundBracket != 0) {
- final char c = (char) stream.read();
+ int read = stream.read();
+ if (read == -1) {
+ break;
+ }
+ final char c = (char) read;
 if (c == ']') {
 foundBracket++;
 }
@@ -913,7 +917,11 @@ public class NewAttributeBands extends BandSet {
 final StringBuilder sb = new StringBuilder();
 int foundBracket = -1;
 while (foundBracket != 0) {
- final char c = (char) stream.read();
+ int read = stream.read();
+ if (read == -1) {
+ break;
+ }
+ final char c = (char) read;
 if (c == ']') {
 foundBracket++;
 }
diff --git a/src/test/java/org/apache/commons/compress/harmony/unpack200/tests/Compress626Test.java b/src/test/java/org/apache/commons/compress/harmony/unpack200/tests/Compress626Test.java
index 690cb6ef..ef048189 100644
--- a/src/test/java/org/apache/commons/compress/harmony/unpack200/tests/Compress626Test.java
+++ b/src/test/java/org/apache/commons/compress/harmony/unpack200/tests/Compress626Test.java
@@ -17,6 +17,8 @@
 package org.apache.commons.compress.harmony.unpack200.tests;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
@@ -28,21 +30,18 @@ import org.apache.commons.compress.harmony.pack200.CPUTF8;
 import org.apache.commons.compress.harmony.pack200.NewAttributeBands;
 import org.apache.commons.compress.java.util.jar.Pack200;
 import org.apache.commons.io.output.NullOutputStream;
-import org.junit.Ignore;
-import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
-@Disabled @Ignore
 public class Compress626Test {
 @Test
- public void test() throws Exception {
- CPUTF8 name = new CPUTF8("");
- CPUTF8 layout = new CPUTF8("[");
- new NewAttributeBands(1, null, null,
- new AttributeDefinitionBands.AttributeDefinition(35, AttributeDefinitionBands.CONTEXT_CLASS, name, layout)
- );
- }
+ public void test() throws Exception {
+ final CPUTF8 name = new CPUTF8("");
+ final CPUTF8 layout = new CPUTF8("[");
+ assertDoesNotThrow(
+ () -> new NewAttributeBands(1, null, null, new AttributeDefinitionBands.AttributeDefinition(35,
+ AttributeDefinitionBands.CONTEXT_CLASS, name, layout)));
+ }
 @Test
 public void testJar() throws IOException {
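Review bot: The re-enabled `test()` covers only the `[`-without-`]` path through `org.apache.commons.compress.harmony.pack200.NewAttributeBands`, so the end-of-stream guard added after `(` in the `@@ -272`/`@@ -293` hunks and the unpack200 copies of the bracket loop are not exercised by it. Whether `testJar`, which continues outside this hunk, reaches them cannot be seen here. A second case whose layout string ends directly after the `(` that code consumes would pin that branch. `assertDoesNotThrow` also only proves that construction finishes; if malformed layouts are meant to be rejected rather than silently truncated, the test should assert the expected exception instead. A one-line comment above `test()` such as `// COMPRESS-626: layout with an unterminated '[' must not exhaust the heap` would record why the input looks the way it does.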