[commons-compress] 02/02: [COMPRESS-628] OutOfMemoryError on malformed pack200 input (NewAttributeBands.readNextUnionCase).

Tue, 04 Oct 2022 04:00:11 -0700 

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git

commit d2bbbf32c6425ba0a597c13b1d4915046e873eec
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Tue Oct 4 06:59:55 2022 -0400

    [COMPRESS-628] OutOfMemoryError on malformed pack200 input
    (NewAttributeBands.readNextUnionCase).
---
 src/changes/changes.xml                            |  5 ++-
 .../harmony/pack200/NewAttributeBands.java         | 11 ++++---
 .../harmony/pack200/tests/Compress628Test.java     | 37 ++++++++++++++++++++++
 3 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 74ce4bd4..20451bb4 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -113,7 +113,10 @@ The <action> type attribute can be add,update,fix,remove.
         Update Wikipedia link in TarUtils.java:627.
       </action>
       <action issue="COMPRESS-626" type="fix" dev="ggregory" due-to="Andrii 
Hudz, Gary Gregory">
-        OutOfMemoryError on malformed pack200 attributes.
+        OutOfMemoryError on malformed pack200 input (attributes).
+      </action>
+      <action issue="COMPRESS-628" type="fix" dev="ggregory" due-to="Andrii 
Hudz, Gary Gregory">
+        OutOfMemoryError on malformed pack200 input 
(NewAttributeBands.readNextUnionCase).
       </action>
       <action type="fix" dev="ggregory" due-to="Gary Gregory">
         Some input streams are not closed in 
org.apache.commons.compress.harmony.pack200.PackingUtils.
diff --git 
a/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java
 
b/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java
index effe6029..8f7242f6 100644
--- 
a/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java
+++ 
b/src/main/java/org/apache/commons/compress/harmony/pack200/NewAttributeBands.java
@@ -220,7 +220,7 @@ public class NewAttributeBands extends BandSet {
 
         // Union
         case 'T':
-            String int_type = "" + (char) reader.read();
+            String int_type = String.valueOf((char) reader.read());
             if (int_type.equals("S")) {
                 int_type += (char) reader.read();
             }
@@ -270,8 +270,9 @@ public class NewAttributeBands extends BandSet {
     private UnionCase readNextUnionCase(final StringReader reader) throws 
IOException {
         reader.mark(2);
         reader.read(); // '('
-        char next = (char) reader.read();
-        if (next == ')' || next == -1) {
+        final int next = reader.read();
+        char ch = (char) next;
+        if (ch == ')' || next == -1) {
             reader.reset();
             return null;
         }
@@ -288,8 +289,8 @@ public class NewAttributeBands extends BandSet {
         } while (nextTag != null);
         reader.read(); // '['
         reader.mark(1);
-        next = (char) reader.read();
-        if (next == ']') {
+        ch = (char) reader.read();
+        if (ch == ']') {
             return new UnionCase(tags);
         }
         reader.reset();
diff --git 
a/src/test/java/org/apache/commons/compress/harmony/pack200/tests/Compress628Test.java
 
b/src/test/java/org/apache/commons/compress/harmony/pack200/tests/Compress628Test.java
new file mode 100644
index 00000000..3f8b5aa2
--- /dev/null
+++ 
b/src/test/java/org/apache/commons/compress/harmony/pack200/tests/Compress628Test.java
@@ -0,0 +1,37 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.commons.compress.harmony.pack200.tests;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+
+import org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands;
+import org.apache.commons.compress.harmony.pack200.CPUTF8;
+import org.apache.commons.compress.harmony.pack200.NewAttributeBands;
+import org.junit.jupiter.api.Test;
+
+public class Compress628Test {
+
+    @Test
+    public void test() throws Exception {
+        final CPUTF8 name = new CPUTF8("");
+        final CPUTF8 layout = new CPUTF8("Re\\T");
+        assertDoesNotThrow(() -> new NewAttributeBands(1, null, null,
+                new AttributeDefinitionBands.AttributeDefinition(35, 
AttributeDefinitionBands.CONTEXT_CLASS, name, layout)));
+    }
+
+}

Reply via email to