[COMPRESS-712] Unsanitized read causes IndexOutOfBoundsException in (apache#749)

DumpArchiveInputStream.java:359

- Throw a DumpArchiveException instead of a IndexOutOfBoundsException
- Also fix formatting in
org.apache.commons.compress.archivers.dump.DumpArchiveUtil.decode(ZipEncoding,
byte[], int, int)

Author: garydgregory

src/main/java/org/apache/commons/compress/archivers/dump/DumpArchiveInputStream.java

@@ -22,11 +22,12 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
-import java.util.BitSet;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.PriorityQueue;
 import java.util.Queue;
+import java.util.Set;
 import java.util.Stack;
 
 import org.apache.commons.compress.MemoryLimitException;
@@ -353,18 +354,19 @@ private String getPath(final DumpArchiveEntry entry) throws DumpArchiveException
         // build the stack of elements. It's possible that we're
         // still missing an intermediate value and if so we
         final Stack<String> elements = new Stack<>();
-        final BitSet visited = new BitSet();
+        // INO entries are unsigned (uint32_t)
+        final Set<Integer> visited = new HashSet<>();
         Dirent dirent = null;
         for (int i = entry.getIno();; i = dirent.getParentIno()) {
             if (!names.containsKey(i)) {
                 elements.clear();
                 break;
             }
-            if (visited.get(i)) {
+            if (visited.contains(i)) {
                 throw new DumpArchiveException("Duplicate node " + i);
             }
             dirent = names.get(i);
-            visited.set(i);
+            visited.add(i);
             elements.push(dirent.getName());
             if (dirent.getIno() == dirent.getParentIno()) {
                 break;

src/main/java/org/apache/commons/compress/archivers/dump/DumpArchiveUtil.java

@@ -81,10 +81,10 @@ public static long convert64(final byte[] buffer, final int offset) {
      * Decodes a byte array to a string.
      */
     static String decode(final ZipEncoding encoding, final byte[] b, final int offset, final int len) throws IOException {
-            if (offset > offset + len) {
-                throw new ArchiveException("Invalid offset/length combination");
-            }
-            return encoding.decode(Arrays.copyOfRange(b, offset, offset + len));
+        if (offset > offset + len) {
+            throw new ArchiveException("Invalid offset/length combination");
+        }
+        return encoding.decode(Arrays.copyOfRange(b, offset, offset + len));
     }
 
     /**