Details
-
Bug
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
1.21
-
None
Description
While fuzzing Apache POI, I discovered a case which can trigger a NullPointerException in ZipArchiveInputStream.getCompressedCount().
The attached test-application and file are a fairly minimal reproducing testcase.
Put the java file into src/test/java and the file into /src/test/resources
Running it then produces the following:
Exception in thread "main" java.lang.NullPointerException at org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.getCompressedCount(ZipArchiveInputStream.java:559) at Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.main(Crash_f2efd9eaeb86cda597d07b5e3c3d81363633c2da.java:26)
Happens with 1.21 as well as latest.