From 70515ed4c6dbf0015d71283d41b9a99170a999a0 Mon Sep 17 00:00:00 2001
From: Mike Mole <michael.mole@lookout.com>
Date: Fri, 19 Aug 2016 09:08:42 -0400
Subject: [PATCH] [COMPRESS-364] ZipArchiveInputStream.closeEntry fails to
 advance

Properly advances to next entry upon calling closeEntry when there
are extra junk bytes after the compressed data section of a
zip entry. This applies to the ZipArchiveInputStream implementation.
---
 .../archivers/zip/ZipArchiveInputStream.java       |  21 +++++++++++--
 .../archivers/zip/ZipArchiveInputStreamTest.java   |  34 +++++++++++++++++++++
 .../resources/archive_with_bytes_after_data.zip    | Bin 0 -> 670 bytes
 3 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 src/test/resources/archive_with_bytes_after_data.zip

diff --git a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
index 54aa0ab..5d4c0a8 100644
--- a/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
+++ b/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
@@ -616,8 +616,7 @@ public class ZipArchiveInputStream extends ArchiveInputStream {
         }
 
         // Ensure all entry bytes are read
-        if (current.bytesReadFromStream <= current.entry.getCompressedSize()
-                && !current.hasDataDescriptor) {
+        if (currentEntryHasOutstandingBytes()) {
             drainCurrentEntryData();
         } else {
             skip(Long.MAX_VALUE);
@@ -632,6 +631,12 @@ public class ZipArchiveInputStream extends ArchiveInputStream {
             // Pushback any required bytes
             if (diff > 0) {
                 pushback(buf.array(), buf.limit() - diff, diff);
+                current.bytesReadFromStream -= diff;
+            }
+
+            // Drain remainder of entry if not all data bytes were required
+            if (currentEntryHasOutstandingBytes()) {
+                drainCurrentEntryData();
             }
         }
 
@@ -646,6 +651,18 @@ public class ZipArchiveInputStream extends ArchiveInputStream {
     }
 
     /**
+     * If the compressed size of the current entry is included in the entry header
+     * and there are any outstanding bytes in the underlying stream, then
+     * this returns true.
+     *
+     * @return true, if current entry is determined to have outstanding bytes, false otherwise
+     */
+    private boolean currentEntryHasOutstandingBytes() {
+        return current.bytesReadFromStream <= current.entry.getCompressedSize()
+                && !current.hasDataDescriptor;
+    }
+
+    /**
      * Read all data of the current entry from the underlying stream
      * that hasn't been read, yet.
      */
diff --git a/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java b/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
index 931387c..297de9a 100644
--- a/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
+++ b/src/test/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStreamTest.java
@@ -200,4 +200,38 @@ public class ZipArchiveInputStreamTest {
             assertArrayEquals(expected, IOUtils.toByteArray(in));
         }
     }
+
+    /**
+     * Test case for
+     * <a href="https://issues.apache.org/jira/browse/COMPRESS-364"
+     * >COMPRESS-364</a>.
+     */
+    @Test
+    public void testWithBytesAfterData() throws Exception {
+        final int expectedNumEntries = 2;
+        final InputStream is = ZipArchiveInputStreamTest.class
+                .getResourceAsStream("/archive_with_bytes_after_data.zip");
+        final ZipArchiveInputStream zip = new ZipArchiveInputStream(is);
+
+        try {
+            int actualNumEntries = 0;
+            ZipArchiveEntry zae = zip.getNextZipEntry();
+            while (zae != null) {
+                actualNumEntries++;
+                readEntry(zip, zae);
+                zae = zip.getNextZipEntry();
+            }
+            assertEquals(expectedNumEntries, actualNumEntries);
+        } finally {
+            zip.close();
+        }
+    }
+
+    private static byte[] readEntry(ZipArchiveInputStream zip, ZipArchiveEntry zae) throws IOException {
+        final int len = (int)zae.getSize();
+        final byte[] buff = new byte[len];
+        zip.read(buff, 0, len);
+
+        return buff;
+    }
 }
diff --git a/src/test/resources/archive_with_bytes_after_data.zip b/src/test/resources/archive_with_bytes_after_data.zip
new file mode 100644
index 0000000000000000000000000000000000000000..8937ede92701a48e47950fb968f1ed0e84a8f6cb
GIT binary patch
literal 670
zcmWIWW@Zs#U|`^2NQ}xeKm96%-+_^VA&H5Bfs;X$p(M4q#89syHzzcNlYx2KX)E_T
zw{6@*D_9u5GJa*uofMegWFXRd-}4Xu-O2vhD;qW}y{4ghF;#f+o;N2&G-h)%Ej)9!
zKEH8^)$__nHMV=V-<jr9&u?kb74_~klg|MG=VFVc%*{3%F7)5K&ggM!k$~soYpJL6
zbM!ZGq`lcGxXH8faNuvo(8T0Rry0Cr_;_w{@9-1qU#nB>dwFBd?T_=4j{9!Rj*PR}
z7JL5Go-^CdJn{1keff&#6~_YM%EaRO?R@5fN6&ExmwdF^#IgNi);F<$oI?}eI^J%P
zSiRzz)yvmx7gq{xS?hX%_e!GLsy#MqcTTZSoqMV0d5}PfbLp?>u34W}P5L@<!MQsx
zcRgZvoM~aV>1XMEzSlp>PG)qR?SJa^*Ew5nv&Z9>tJS4zx2&n0#QkF_hmSSOVZN`g
zv;3y7xhJ2O_Ah(GYquNw7;n|Q<8J!*Fpt@>e%<3++w`CCFf#<8guP6T={XNzOauWj
zEbNVNhW+M^>rb2w)bQ5TI(O!L@P^O;^DD*y+qXY{x+$>aV>w?ZPeG{1x$~#Jef1bm
zi8mi94mSSWP}Sh$H+#;ND@v@j6IR&y%;07Kxq*>MoEcXN;03ycfdQBx7?w1GSV-xC
m6_Or8D;O}$K=lc-88twoKxRPwg<=LP8^{JGAnbrJfFuB?@c<kE

literal 0
HcmV?d00001

-- 
2.9.2