Fix a bug where xlen larger than 0x7fff was rejected (#1280)

We treated this short value as unsigned and it should have been treated as signed.
square · Jun 22, 2023 · 81bce1a · 81bce1a
1 parent b9b3fce
commit 81bce1a
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/okio/src/jvmMain/kotlin/okio/GzipSource.kt b/okio/src/jvmMain/kotlin/okio/GzipSource.kt
@@ -117,7 +117,7 @@ class GzipSource(source: Source) : Source {
     if (flags.getBit(FEXTRA)) {
       source.require(2)
       if (fhcrc) updateCrc(source.buffer, 0, 2)
-      val xlen = source.buffer.readShortLe().toLong()
+      val xlen = (source.buffer.readShortLe().toInt() and 0xffff).toLong()
       source.require(xlen)
       if (fhcrc) updateCrc(source.buffer, 0, xlen)
       source.skip(xlen)

diff --git a/okio/src/jvmTest/kotlin/okio/GzipKotlinTest.kt b/okio/src/jvmTest/kotlin/okio/GzipKotlinTest.kt
@@ -23,14 +23,28 @@ import org.junit.Test
 class GzipKotlinTest {
   @Test fun sink() {
     val data = Buffer()
-    val gzip = (data as Sink).gzip()
-    gzip.buffer().writeUtf8("Hi!").close()
+    (data as Sink).gzip().buffer().use { gzip ->
+      gzip.writeUtf8("Hi!")
+    }
     assertEquals("1f8b0800000000000000f3c8540400dac59e7903000000", data.readByteString().hex())
   }
 
   @Test fun source() {
     val buffer = Buffer().write("1f8b0800000000000000f3c8540400dac59e7903000000".decodeHex())
-    val gzip = (buffer as Source).gzip()
-    assertEquals("Hi!", gzip.buffer().readUtf8())
+    (buffer as Source).gzip().buffer().use { gzip ->
+      assertEquals("Hi!", gzip.readUtf8())
+    }
+  }
+
+  @Test fun extraLongXlen() {
+    val xlen = 0xffff
+    val buffer = Buffer()
+      .write("1f8b0804000000000000".decodeHex())
+      .writeShort(xlen)
+      .write(ByteArray(xlen))
+      .write("f3c8540400dac59e7903000000".decodeHex())
+    (buffer as Source).gzip().buffer().use { gzip ->
+      assertEquals("Hi!", gzip.readUtf8())
+    }
   }
 }