CR 7148271 REGESSION with PNG Image loading
Xueming Shen
xueming.shen at oracle.com
Wed Mar 14 00:14:22 UTC 2012
INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR + inflateUndermine() is the answer from zlib
author.
-Sherman
On 3/13/2012 5:06 PM, Ulf Zibis wrote:
> Am 13.03.2012 20:03, schrieb Xueming Shen:
>> While this indeed is a "regression", the question is do we really
>> want this
>> behavior (allow those corrupt zip/png files without throwing
>> exception) to
>> be the default behavior? A possible approach is to by default the
>> j.u.zip.Inflater/PNGImageReader rejects such files (by throwing a zip
>> exception,
>> as the current JDK7 does) and to tolerate such files only with some
>> -D flag,
>> for example -Djava.util.zip.InflateAllowInvalidDistance. This
>> definitely will
>> be inconvenient for those who like the PNGImageReader to just work as
>> it did
>> in previous releases, but appears to be a more reasonable for me.
>>
>> Opinion?
> I think, we should trigger the zlib people to add a runtime option
> additionally to the compile option. If set, zlib should report a
> warning instead error in case of invalid distance-too-far stream.
> In java we could propagate the option to the API.
> In the mean time we temporarily could use the -D flag or just fulfill
> the "just work as it did " strategy with a note in javadoc of Zip class.
>
> -Ulf
>
More information about the core-libs-dev
mailing list