Bug - Not A Bug Error: Invalid or corrupt jarfile

Bale

Bale

Minion
When I try to run a recent build of KoLmafia I am getting the following error.

lQWEbyJ.png


I can run KoLmafia-1670 without any problem. r16073-16077 all give the same error.
 
H

heeheehee

Developer
Staff member
That is strange. 16077 runs just fine for me, and I did a quick search of the classes inside KoLmafia-16077.jar. All of those seem to be compiled either for Java 1.5 or Java 1.4. I thought we updated the build process to use Java 1.6, but I guess not? Weird.
 
Theraze

Theraze

Active member
Well, I'm using 1.8u45 successfully with 16077 downloaded from here, so I'm guessing something is corrupting your downloads.
 
H

heeheehee

Developer
Staff member
Just as a sanity check,
Code: 
sha1: f7b7dbb1496c7a04a5e622a577ac70b9cfbe7fb6
md5:  3f2758df024443cdff7bc625bc25577c
size: 12525233

Maybe your download is getting truncated? Or something?
 
Bale

Bale

Minion
KoLmafia-16077:
md5: 39be231c12ee0572bd089bc658071732
size: 12,523,620 bytes

Okay... I seem to have a download issue? That is so darn weird. I had previously re-downloaded it a second time to be sure and neither one worked. Plus I checked most of the intermediate steps between 16073 and 16077...

I'm downloading it again...
md5: 39be231c12ee0572bd089bc658071732
size: 12,523,620 bytes

That is the same as the first time.


I download 16076 and it does not work either. If I have a download issue, it is very consistent.

KoLmafia-16073
md5: 877bcf5d973a9e2f2a24b6740fe1bff8
size 12,523,620 bytes

A second time produces the same results. A third time through a different browser and same non-functional md5. Another browser and it is the same problem.


At this time I am wondering why my KoLmafia-1670 works. I've tried re-downloading it again and there is no problem at all...
 
Last edited:
AlbinoRhino

AlbinoRhino

Active member
I noticed that the commit message log on the builds page stopped updating at r16066. Perhaps something is strange with the build process ?
 
Z

Zerstoren

New member
I get the same "Error: Invalid or corrupt jarfile" message that Bale reported. Build 16065 works fine (as does KoLmafia-17.0.jar that was provided by AlbinoRhino on the kol forums); builds 16074, 16075, and 16077 all give the error (I didn't bother trying any others). I'm using Java version 8 update 45 (build 1.8.0_45-b15) as well.

ETA: Windows 7, file size, CertUtil Output

Code: 
07/27/2015  12:01 AM        12,525,080 KoLmafia-16077.jar

C:\KoL\KoLMafia>certutil -hashfile KoLmafia-16077.jar MD5
MD5 hash of file KoLmafia-16077.jar:
e9 22 5d ba d8 01 34 8d 0c ce 71 1e 78 e4 21 07
CertUtil: -hashfile command completed successfully.

C:\KoL\KoLMafia>certutil -hashfile KoLmafia-16077.jar SHA1
SHA1 hash of file KoLmafia-16077.jar:
e7 26 10 5c 35 d3 be ba e3 49 c7 7d 17 ec 66 d2 f1 eb 15 2c
CertUtil: -hashfile command completed successfully.

- Zerstoren
 
Last edited:
xKiv

xKiv

Active member
Downloading r16077 gives me a jar with the correct size and md5.
Truncating that file at the size given by Bale gives me the same md5 that Bale gets.
Something is interrupting the download 1913 bytes too early.
 
H

hallehoopma

New member
I had this problem too. Same builds - same issues. When I allowed antivirus specifically by creating an exception allowing access to the builds page (used an asterisk for sanity,) it was all better, or at least I was able to download today. I was not getting clear messages that it was antivirus stopping my connection, so I did spend a lot of time trying to fix an unbroken internet connection yesterday. Hope this helps.
 
Theraze

Theraze

Active member
Also, once your download fails once, with default settings, your browser will put that corrupted version into the cache and continue to use that corrupted version rather than ever trying to re-download a clean copy again.

Solutions include using a different computer, using a different browser, going into private mode (whatever your browser calls that), or fully clearing the cache and all temporary browser-related files.
 
fewyn

fewyn

Administrator
Staff member
Clearing your cache is probably the best option imo you never know what else might be corrupted in there (plus you can free up some hard drive space if you haven't cleared it in awhile)
 
Bale

Bale

Minion
I'm going to mark this as not a bug. It does turn out to be a firewall issue as halle suggested. I created an exception for builds.kolmafia.us and now the problem is gone.

Thanks, clannie!
 
Veracity

Veracity

Developer
Staff member
How long before somebody's antivirus triggers on one of these .jars and they post a warning in big letters over on G_D saying "KoLmafia is infected with malware"?
 
Bale

Bale

Minion
At least if that happened I would have known it was a firewall problem. Unfortunately Avast didn't even complain about the jar. No scary message at all. I think I need to dump Avast; in many ways it just isn't as good as it was 5 years ago.
 
I

iceikkle

New member
Bale said:
At least if that happened I would have known it was a firewall problem. Unfortunately Avast didn't even complain about the jar. No scary message at all. I think I need to dump Avast; in many ways it just isn't as good as it was 5 years ago.
Click to expand...

Avast did complain about the jar for me, while DailyDownloader.jar was downloading it. I'm beginning to agree with you, though. The fact that I can't tell you what the error message is because I didn't think to record it and Avast doesn't seem to keep any records at all (or if it does it's hidden them remarkably well) is typical.
 
Veracity

Veracity

Developer
Staff member
lostcalpolydude said:
I expect it's 16072, where that file was changed. Unless someone finds that the new version of SVNKit is malicious (unlikely), your report should actually go to Avast for a false positive.
Click to expand...
Here is a post from Avast telling how to report a false positive. It suggests that you run your file through VirusTotal. I did so; I uploaded SVNFileUtil.class and it ran it through 54 different virus checkers. Avast says "Java:CVE-2012-0507-DL [Expl]". The other 53 say "clean".

I submitted a report to Avast:

This is a compiled Java .class file from SVNKit by tmate software.

We incorporate that program into our Java program. We recently upgraded the version of that package that we include and one of our users now says that avast reports:

URL: http://builds.kolmafia.us/KoLmafia-16073.jar|org\tmatesoft\svn\core\internal\wc\SVNFileUtil.class
Infection: Java:CVE-2012-0507-DL [Expl]
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I have looked at SVNFileUtil.java and, unsurprisingly, there is no malicious code in it.

As you suggested, I ran the file through VirusTotal. It found 1/54 positives - Avast was the only one who thought there was an exploit in it.

I would appreciate it if you would examine this binary, figure out why you think it contains a Java exploit, and adjust your detection to not trigger on our program.

Thank you.
Click to expand...
and attached that .class file.

I will be interested to hear what they have to say.
 
You must log in or register to reply here.
Top