Bug 41513 - zip: Infinite loop decoding Huffman if input is corrupt
Status: RESOLVED DUPLICATE of bug 36560
Alias: None
Product: classpath
Classification: Unclassified
Component: classpath
Version: 0.97.2
Importance: P3 critical
Assignee: Not yet assigned to anyone
Reported: 2009-09-30 07:10 UTC by Daniel Noll
Modified: 2009-10-01 01:23 UTC
Description Daniel Noll 2009-09-30 07:10:56 UTC
We found a bunch of data which is zip files with random data absent (and replaced with 0-bytes.)

As a result, InflaterHuffmanTree.buildTree(byte[]) receives empty byte arrays, and doesn't notice that the data is invalid.  In this particular case I can see that codeLengths is a byte[11] where all 11 bytes are zero.  The result is that tree is a byte[512] where all 512 bytes are zero.

I suspect that it's impossible for a Huffman tree to have any entries which are 0 (could someone confirm this though?) in which case any 0 entries would be invalid.  But is there a better check which could be performed to ensure that the tree data is intact?

Sun's implementation throws an exception indicating that the Huffman tree is incomplete, which appears to be the correct error in this situation.
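
The kind of check the description asks about, as an added example (not GNU Classpath's code and not the fix applied for this bug): count the code lengths and use the Kraft sum to tell an empty, incomplete or over-subscribed set from a complete one before any lookup table is built. The class, enum and method names are hypothetical, and the sample arrays are constructed.

```java
import java.util.Arrays;

public class CodeLengthCheck {
    enum Result { COMPLETE, EMPTY, INCOMPLETE, OVERSUBSCRIBED }

    static final int MAX_BITS = 15; // longest code length DEFLATE (RFC 1951) allows

    // Classify a set of code lengths with the Kraft sum: a prefix code is
    // complete exactly when the sum over used symbols of 2^-length equals 1.
    static Result classify(byte[] codeLengths) {
        int[] count = new int[MAX_BITS + 1];
        for (byte b : codeLengths) {
            if (b < 0 || b > MAX_BITS) {
                throw new IllegalArgumentException("code length out of range: " + b);
            }
            count[b]++;
        }
        if (count[0] == codeLengths.length) {
            return Result.EMPTY;              // no symbol has a code at all
        }
        int left = 1;                         // unused code space at the current length
        for (int len = 1; len <= MAX_BITS; len++) {
            left = (left << 1) - count[len];
            if (left < 0) {
                return Result.OVERSUBSCRIBED; // more codes than this length can hold
            }
        }
        return left == 0 ? Result.COMPLETE : Result.INCOMPLETE;
    }

    public static void main(String[] args) {
        byte[][] samples = {                  // constructed inputs
            new byte[11],                     // all zero, as in the report
            {2, 2, 2, 2},                     // four 2-bit codes: complete
            {1, 2, 0, 0},                     // one 2-bit slot unused: incomplete
            {1, 1, 1},                        // three 1-bit codes: over-subscribed
        };
        for (byte[] s : samples) {
            System.out.println(Arrays.toString(s) + " -> " + classify(s));
        }
    }
}
```

A caller that rejects every result other than COMPLETE needs one exception: RFC 1951 permits a distance tree that uses a single code of length one, which this check reports as INCOMPLETE.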
Comment 1 Daniel Noll 2009-10-01 01:23:53 UTC
I will roll this into 36560 as it turns out it's related.

*** This bug has been marked as a duplicate of 36560 ***