RFR: 8242882: opening jar file with large manifest might throw NegativeArraySizeException
Jaikiran Pai
jpai at openjdk.java.net
Wed Sep 23 15:42:06 UTC 2020
Can I please get a review and a sponsor for a fix for https://bugs.openjdk.java.net/browse/JDK-8242882?
As noted in that JBS issue, if the size of the Manifest entry in the jar happens to be very large (such that it exceeds
the `Integer.MAX_VALUE`), then the current code in `JarFile#getBytes` can lead to a `NegativeArraySizeException`. This
is due to the: if (len != -1 && len <= 65535) block which evaluates to `true` when the size of the manifest entry is
larger than `Integer.MAX_VALUE`. As a result, this then ends up calling the code which can lead to the
`NegativeArraySizeException`.
The commit in this PR fixes that issue by changing those `if/else` blocks to prevent this issue and instead use a code
path that leads to the `InputStream#readAllBytes()` which internally has the necessary checks to throw the expected
`OutOfMemoryError`.
This commit also includes a jtreg test case which reproduces the issue and verifies the fix.
-------------
Commit messages:
- 8242882: opening jar file with large manifest might throw NegativeArraySizeException
Changes: https://git.openjdk.java.net/jdk/pull/323/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=323&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8242882
Stats: 88 lines in 2 files changed: 86 ins; 0 del; 2 mod
Patch: https://git.openjdk.java.net/jdk/pull/323.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/323/head:pull/323
PR: https://git.openjdk.java.net/jdk/pull/323
More information about the core-libs-dev
mailing list