From 99684cfd77a3851d098824e9eb871cd6c087934f Mon Sep 17 00:00:00 2001 From: Stefan Bodewig Date: Tue, 21 Jul 2015 06:02:50 +0200 Subject: [PATCH] yet another potential AIOBException in zip package Bug found and fix provided by Earl Hood --- CONTRIBUTORS | 1 + WHATSNEW | 5 +++++ contributors.xml | 4 ++++ src/main/org/apache/tools/zip/ZipOutputStream.java | 2 +- 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTORS b/CONTRIBUTORS index e78bd62e9..a4b01e86f 100644 --- a/CONTRIBUTORS +++ b/CONTRIBUTORS @@ -109,6 +109,7 @@ Don Brown Don Ferguson Don Jeffery Drew Sudell +Earl Hood Edison Guo Eduard Wirch Edwin Woudt diff --git a/WHATSNEW b/WHATSNEW index 9fb145468..db8f88f78 100644 --- a/WHATSNEW +++ b/WHATSNEW @@ -7,6 +7,11 @@ Changes that could break older environments: Fixed bugs: ----------- + * ZipOutputStream could cause an ArrayIndexOutOfBoundsException when + adding entries with comments. This never happens when using Ant as + a build tool but may affect users using Ant's zip package as a + library. + Other changes: -------------- diff --git a/contributors.xml b/contributors.xml index 7ea115e35..3cdc06ea4 100644 --- a/contributors.xml +++ b/contributors.xml @@ -463,6 +463,10 @@ Drew Sudell + + Earl + Hood + Edison Guo diff --git a/src/main/org/apache/tools/zip/ZipOutputStream.java b/src/main/org/apache/tools/zip/ZipOutputStream.java index 261c717ec..0b4f5f902 100644 --- a/src/main/org/apache/tools/zip/ZipOutputStream.java +++ b/src/main/org/apache/tools/zip/ZipOutputStream.java @@ -1258,7 +1258,7 @@ public class ZipOutputStream extends FilterOutputStream { int extraStart = CFH_FILENAME_OFFSET + nameLen; System.arraycopy(extra, 0, buf, extraStart, extra.length); - int commentStart = extraStart + commentLen; + int commentStart = extraStart + extra.length; // file comment System.arraycopy(commentB.array(), commentB.arrayOffset(), buf, commentStart, commentLen);