RFR: 8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream [v11]

Jaikiran Pai jpai at openjdk.java.net
Fri Jul 23 14:58:01 UTC 2021 

> Can I please get a review for this proposed fix for the issue reported in https://bugs.openjdk.java.net/browse/JDK-8190753?
> 
> The commit here checks for the size of the zip entry before trying to create a `ByteArrayOutputStream` for that entry's content. A new jtreg test has been included in this commit to reproduce the issue and verify the fix.
> 
> P.S: It's still a bit arguable whether it's a good idea to create the `ByteArrayOutputStream` with an initial size potentially as large as the `MAX_ARRAY_SIZE` or whether it's better to just use some smaller default value. However, I think that can be addressed separately while dealing with https://bugs.openjdk.java.net/browse/JDK-8011146

Jaikiran Pai has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision:

 - Merge latest from master branch
 - Implement review suggestions:
    - remove unnecessary "synchronized"
    - no need to open the temp file twice
 - remove no longer necessary javadoc comment on test
 - review suggestion - wrap ByteArrayOutputStream instead of extending it
 - reorganize the tests now that the temp file creation threshold isn't exposed as a user configurable value
 - minor update to comment on FileRolloverOutputStream class
 - remove no longer used constant
 - use jtreg's construct of manual test
 - Implement Alan's review suggestion - don't expose the threshold as a configuration property, instead set it internally to a specific value
 - propagate back the original checked IOException to the callers
 - ... and 5 more: https://git.openjdk.java.net/jdk/compare/d783ad9d...991de6b9

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/4607/files
  - new: https://git.openjdk.java.net/jdk/pull/4607/files/9e78ba06..991de6b9

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=4607&range=10
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=4607&range=09-10

  Stats: 43946 lines in 1112 files changed: 20903 ins; 17871 del; 5172 mod
  Patch: https://git.openjdk.java.net/jdk/pull/4607.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/4607/head:pull/4607

PR: https://git.openjdk.java.net/jdk/pull/4607

More information about the core-libs-dev mailing list