From ca056d4822fd5e09112db6d51e5b054f9094d744 Mon Sep 17 00:00:00 2001
From: apriestman <apriestman@basistech.com>
Date: Fri, 11 Dec 2020 09:08:27 -0500
Subject: [PATCH 1/3] Test for negative offset

---
 .../embeddedfileextractor/SevenZipContentReadStream.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java
index 0528073e86..ad9b1f221b 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java
@@ -48,13 +48,22 @@ class SevenZipContentReadStream implements IInStream {
         long newPosition = curPosition;
         switch (origin) {
             case SEEK_CUR:
+                if (curPosition + offset < 0) {
+                    throw new SevenZipException("Attempted seek to negative offset " + offset);
+                }
                 newPosition = wrapped.seek(curPosition + offset);
                 break;
             case SEEK_END:
+                if (length + offset < 0) {
+                    throw new SevenZipException("Attempted seek to negative offset " + offset);
+                }
                 //(offset <= 0) offset is set from EOF
                 newPosition = wrapped.seek(length + offset);
                 break;
             case SEEK_SET:
+                if (offset < 0) {
+                    throw new SevenZipException("Attempted seek to negative offset " + offset);
+                }
                 newPosition = wrapped.seek(offset);
                 break;
             default:

From 3bf1c31a5227e2af0a6f1683fec407f7c7e2b1c4 Mon Sep 17 00:00:00 2001
From: apriestman <apriestman@basistech.com>
Date: Fri, 11 Dec 2020 12:23:12 -0500
Subject: [PATCH 2/3] Improve zip error handling

---
 .../embeddedfileextractor/SevenZipExtractor.java      | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
index a6df94206e..84379e31e7 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
@@ -725,7 +725,7 @@ class SevenZipExtractor {
                 //TODO decide if anything to cleanup, for now bailing
             }
 
-        } catch (SevenZipException ex) {
+        } catch (SevenZipException | IllegalArgumentException ex) {
             logger.log(Level.WARNING, "Error unpacking file: " + archiveFile, ex); //NON-NLS
             //inbox message
 
@@ -1070,8 +1070,13 @@ class SevenZipExtractor {
             final String localAbsPath = archiveDetailsMap.get(
                     inArchiveItemIndex).getLocalAbsPath();
             if (result != ExtractOperationResult.OK) {
-                logger.log(Level.WARNING, "Extraction of : {0} encountered error {1}", //NON-NLS
-                        new Object[]{localAbsPath, result});
+                if (archiveFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)) {
+                    logger.log(Level.WARNING, "Extraction of : {0} encountered error {1} (file is unallocated and may be corrupt)", //NON-NLS
+                            new Object[]{localAbsPath, result});
+                } else {
+                    logger.log(Level.WARNING, "Extraction of : {0} encountered error {1}", //NON-NLS
+                            new Object[]{localAbsPath, result});
+                }
                 unpackSuccessful = false;
             }
 

From 4dd226deb8fab154e7d502faa9405b7e58ce8628 Mon Sep 17 00:00:00 2001
From: apriestman <apriestman@basistech.com>
Date: Fri, 11 Dec 2020 12:24:32 -0500
Subject: [PATCH 3/3] Revert testing changes

---
 .../embeddedfileextractor/SevenZipContentReadStream.java | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java
index ad9b1f221b..0528073e86 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipContentReadStream.java
@@ -48,22 +48,13 @@ class SevenZipContentReadStream implements IInStream {
         long newPosition = curPosition;
         switch (origin) {
             case SEEK_CUR:
-                if (curPosition + offset < 0) {
-                    throw new SevenZipException("Attempted seek to negative offset " + offset);
-                }
                 newPosition = wrapped.seek(curPosition + offset);
                 break;
             case SEEK_END:
-                if (length + offset < 0) {
-                    throw new SevenZipException("Attempted seek to negative offset " + offset);
-                }
                 //(offset <= 0) offset is set from EOF
                 newPosition = wrapped.seek(length + offset);
                 break;
             case SEEK_SET:
-                if (offset < 0) {
-                    throw new SevenZipException("Attempted seek to negative offset " + offset);
-                }
                 newPosition = wrapped.seek(offset);
                 break;
             default: