Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.12
-
None
Description
in Class BitInputStream.java(\src\main\java\org\apache\commons\compress\utils),
funcion:
public long readBits(final int count) throws IOException {
if (count < 0 || count > MAXIMUM_CACHE_SIZE)
while (bitsCachedSize < count) {
final long nextByte = in.read();
if (nextByte < 0)
if (byteOrder == ByteOrder.LITTLE_ENDIAN)
{ bitsCached |= (nextByte << bitsCachedSize); }else
{ bitsCached <<= 8; bitsCached |= nextByte; } bitsCachedSize += 8;
}
final long bitsOut;
if (byteOrder == ByteOrder.LITTLE_ENDIAN)
else
{ bitsOut = (bitsCached >> (bitsCachedSize - count)) & MASKS[count]; } bitsCachedSize -= count;
return bitsOut;
}
I think here "bitsCached |= (nextByte << bitsCachedSize);" will overflow in some cases. for example, below is a test case:
public static void test() {
ByteArrayInputStream in = new ByteArrayInputStream(new byte[]
{87, 45, 66, 15, 90, 29, 88, 61, 33, 74});
BitInputStream bin = new BitInputStream(in, ByteOrder.LITTLE_ENDIAN);
try
catch (Exception e)
{ e.printStackTrace(); }}
overflow occur in "bin.readBits(63);" , so ,result in wrong result from "bin.readBits(12);"