Uploaded image for project: 'Commons Compress'
  1. Commons Compress
  2. COMPRESS-424

[bzip2] Multiple ArrayIndexOutOfBoundsException(s) when decompressing malformed input

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.14, 1.15
    • 1.16
    • Compressors
    • None

    Description

      Encountered multiple unchecked exceptions thrown from BZip2CompressorInputStream.<init> when parsing malformed files.

      ArrayIndexOutOfBoundsException is an unchecked exception that is not documented in this API; therefore, such exceptions can cause stability issues in applications that are not expecting them. Instead, an IOException should be thrown indicating that the input stream contains malformed data.

      Stack traces for three distinct (but possibly related) sources of exceptions follow:

      java.lang.ArrayIndexOutOfBoundsException: 65536
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.hbCreateDecodeTables(BZip2CompressorInputStream.java:422)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.createHuffmanDecodingTables(BZip2CompressorInputStream.java:546)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:518)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)

      java.lang.ArrayIndexOutOfBoundsException: 6
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.recvDecodingTables(BZip2CompressorInputStream.java:493)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:555)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)


      java.lang.ArrayIndexOutOfBoundsException: 18002
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.getAndMoveToFrontDecode(BZip2CompressorInputStream.java:605)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.initBlock(BZip2CompressorInputStream.java:324)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:135)
	at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:112)

      The inputs were found by mutating random bytes in a simple well-formed file (a compressed string of zeros).

      Attachments

        1. bad1.bz2
          0.0 kB
          Rohan Padhye
        2. bad2.bz2
          0.0 kB
          Rohan Padhye
        3. bad3.bz2
          0.0 kB
          Rohan Padhye

        Activity

          People

            Unassigned Unassigned
            rohanpadhye Rohan Padhye
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: