Skip to content
Permalink
Browse files
Address CodeQL issues in pack200/unpack200 packages.
Throw ArithmeticExceptioninstead of silently overflowing.
  • Loading branch information
garydgregory committed Feb 9, 2022
1 parent 666e787 commit e03b342b1a514bb5dfed656c5711003e21c93353
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 15 deletions.
@@ -26,6 +26,7 @@
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;

import org.apache.commons.compress.utils.ExactMath;
import org.apache.commons.compress.utils.IOUtils;

/**
@@ -205,7 +206,7 @@ public long skip(final long len) throws IOException {
}

// do not copy data but still increment counters.
readOffset += n;
readOffset = ExactMath.add(readOffset, n);
bytes += n;
}

@@ -35,6 +35,7 @@
import org.apache.commons.compress.archivers.zip.ZipEncoding;
import org.apache.commons.compress.archivers.zip.ZipEncodingHelper;
import org.apache.commons.compress.utils.CountingOutputStream;
import org.apache.commons.compress.utils.ExactMath;
import org.apache.commons.compress.utils.FixedLengthBlockOutputStream;

import static java.nio.charset.StandardCharsets.*;
@@ -432,7 +433,8 @@ public void closeArchiveEntry() throws IOException {
+ "' before the '" + currSize
+ "' bytes specified in the header were written");
}
recordsWritten += (currSize / RECORD_SIZE);
recordsWritten = ExactMath.add(recordsWritten, (currSize / RECORD_SIZE));

if (0 != currSize % RECORD_SIZE) {
recordsWritten++;
}
@@ -24,6 +24,7 @@

import org.apache.commons.compress.utils.CloseShieldFilterInputStream;
import org.apache.commons.compress.utils.CountingInputStream;
import org.apache.commons.compress.utils.ExactMath;
import org.apache.commons.compress.utils.InputStreamStatistics;

/**
@@ -200,7 +201,7 @@ private void fillBuffer() throws IOException {
// EOF
return;
}
length += nextByte;
length = ExactMath.add(length, nextByte);
}
length += minimumMatchLength;

@@ -17,8 +17,10 @@
*/
package org.apache.commons.compress.compressors.deflate64;

import org.apache.commons.compress.utils.BitInputStream;
import org.apache.commons.compress.utils.ByteUtils;
import static org.apache.commons.compress.compressors.deflate64.HuffmanState.DYNAMIC_CODES;
import static org.apache.commons.compress.compressors.deflate64.HuffmanState.FIXED_CODES;
import static org.apache.commons.compress.compressors.deflate64.HuffmanState.INITIAL;
import static org.apache.commons.compress.compressors.deflate64.HuffmanState.STORED;

import java.io.Closeable;
import java.io.EOFException;
@@ -27,10 +29,9 @@
import java.nio.ByteOrder;
import java.util.Arrays;

import static org.apache.commons.compress.compressors.deflate64.HuffmanState.DYNAMIC_CODES;
import static org.apache.commons.compress.compressors.deflate64.HuffmanState.FIXED_CODES;
import static org.apache.commons.compress.compressors.deflate64.HuffmanState.INITIAL;
import static org.apache.commons.compress.compressors.deflate64.HuffmanState.STORED;
import org.apache.commons.compress.utils.BitInputStream;
import org.apache.commons.compress.utils.ByteUtils;
import org.apache.commons.compress.utils.ExactMath;

class HuffmanDecoder implements Closeable {

@@ -325,14 +326,14 @@ private int decodeNext(final byte[] b, final int off, final int len) throws IOEx
final int runMask = RUN_LENGTH_TABLE[symbol - 257];
int run = runMask >>> 5;
final int runXtra = runMask & 0x1F;
run += readBits(runXtra);
run = ExactMath.add(run, readBits(runXtra));

final int distSym = nextSymbol(reader, distanceTree);

final int distMask = DISTANCE_TABLE[distSym];
int dist = distMask >>> 4;
final int distXtra = distMask & 0xF;
dist += readBits(distXtra);
dist = ExactMath.add(dist, readBits(distXtra));

if (runBuffer.length < run) {
runBuffer = new byte[run];
@@ -33,12 +33,13 @@ private ExactMath() {
/**
* Adds two values and throws an exception on overflow.
*
* @param intValue the first value.
* @param longValue the second value.
* @param x the first value.
* @param y the second value.
* @return addition of both values.
* @throws ArithmeticException when there is an overflow.
*/
public static int add(final int intValue, final long longValue) {
return Math.addExact(intValue, Math.toIntExact(longValue));
public static int add(final int x, final long y) {
return Math.addExact(x, Math.toIntExact(y));
}

}

0 comments on commit e03b342

Please sign in to comment.