RFR: 8186334: JarFile throws ArrayIndexOutOfBoundsException when the manifest contains certain characters

Claes Redestad claes.redestad at oracle.com
Mon Aug 21 19:34:30 UTC 2017 

I think it makes a lot of sense to get this into a 9.x update, and I'll 
work through the details as soon as there's a 9 update forest available 
to commit backports to.

/Claes

On 2017-08-21 20:05, Jonathan Bluett-Duncan wrote:
> Would it not be viable to merge this into Java 9 in the foreseeable 
> future for one of its inevitable bug fix releases? I admit I'm 
> unfamiliar with the whole process, so I realise my question may be 
> naive or that the answer is considered "common knowledge".
>
> Cheers,
> Jonathan
>
> On 21 August 2017 at 18:41, Claes Redestad <claes.redestad at oracle.com 
> <mailto:claes.redestad at oracle.com>> wrote:
>
>
>
>     On 2017-08-21 19:15, Paul Sandoz wrote:
>
>             On 21 Aug 2017, at 02:53, Claes Redestad
>             <claes.redestad at oracle.com
>             <mailto:claes.redestad at oracle.com>> wrote:
>
>             Hi,
>
>             this patch addresses an unfortunate regression where
>             backtick characters
>             in a manifest can cause an AIOOBE.
>
>             Webrev:
>             http://cr.openjdk.java.net/~redestad/8186334/jdk.00/
>             <http://cr.openjdk.java.net/%7Eredestad/8186334/jdk.00/>
>             Bug: https://bugs.openjdk.java.net/browse/JDK-8186334
>             <https://bugs.openjdk.java.net/browse/JDK-8186334>
>
>             Basically an off-by-one issue during certain steps in the
>             search algorithm,
>             meaning it is context dependent whether a backtick will
>             trip on this issue
>             or not.
>
>         Ooops, looks good.
>
>
>     Thanks for reviewing!
>
>
>         I see a workaround has been pushed to Jackson, which reduced
>         my urge to suggest a nine respin. But… being slightly paranoid
>         testing JarFile on a local maven central mirror would give us
>         a better sense of the impact.
>
>
>     I think the 9 train has left the station even for issues of this
>     severity. And seeing as there are somewhat straightforward
>     workarounds I guess we'll have to live with my mistakes. Sorry!
>
>     /Claes
>
>

More information about the core-libs-dev mailing list