CpioArchiveInputStream.read(byte[], int, int) now throws an IOException

garydgregory · garydgregory · commit c43928b63430 · 2025-01-02T10:22:22.000-05:00
on a data pad count mismatch
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
@@ -59,6 +59,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action type="fix" dev="ggregory" due-to="Gary Gregory">ZipArchiveOutputStream.close() does not close its underlying output stream.</action>
       <action type="fix" dev="ggregory" due-to="Gary Gregory">Don't use deprecated code in TarArchiveInputStream.</action>
       <action type="fix" dev="ggregory" due-to="Gary Gregory">Don't use deprecated code in TarFile.</action>
+      <action type="fix" dev="ggregory" due-to="Gary Gregory">CpioArchiveInputStream.read(byte[], int, int) now throws an IOException on a data pad count mismatch.</action>
       <!-- ADD -->
       <action type="add" dev="ggregory" due-to="Gary Gregory">Add GzipParameters.getModificationInstant().</action>
       <action type="add" dev="ggregory" due-to="Gary Gregory">Add GzipParameters.setModificationInstant(Instant).</action>
diff --git a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveInputStream.java
@@ -325,7 +325,10 @@ public int read(final byte[] b, final int off, final int len) throws IOException
             return -1;
         }
         if (this.entryBytesRead == this.entry.getSize()) {
-            skip(entry.getDataPadCount());
+            final int dataPadCount = entry.getDataPadCount();
+            if (skip(dataPadCount) != dataPadCount) {
+                throw new IOException("Data pad count missmatch.");
+            }
             this.entryEOF = true;
             if (this.entry.getFormat() == FORMAT_NEW_CRC && this.crc != this.entry.getChksum()) {
                 throw new IOException("CRC Error. Occurred at byte: " + getBytesRead());
@@ -492,11 +495,9 @@ private byte[] readRange(final int len) throws IOException {
         return b;
     }
 
-    private void skip(final int bytes) throws IOException {
+    private int skip(final int length) throws IOException {
         // bytes cannot be more than 3 bytes
-        if (bytes > 0) {
-            readFully(fourBytesBuf, 0, bytes);
-        }
+        return length > 0 ? readFully(fourBytesBuf, 0, length) : 0;
     }
 
     /**
