RFR: 8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream [v11]

Jaikiran Pai jpai at openjdk.java.net
Fri Jul 23 15:26:19 UTC 2021 

On Fri, 23 Jul 2021 14:58:01 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Can I please get a review for this proposed fix for the issue reported in https://bugs.openjdk.java.net/browse/JDK-8190753?
>> 
>> The commit here checks for the size of the zip entry before trying to create a `ByteArrayOutputStream` for that entry's content. A new jtreg test has been included in this commit to reproduce the issue and verify the fix.
>> 
>> P.S: It's still a bit arguable whether it's a good idea to create the `ByteArrayOutputStream` with an initial size potentially as large as the `MAX_ARRAY_SIZE` or whether it's better to just use some smaller default value. However, I think that can be addressed separately while dealing with https://bugs.openjdk.java.net/browse/JDK-8011146
>
> Jaikiran Pai has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision:
> 
>  - Merge latest from master branch
>  - Implement review suggestions:
>     - remove unnecessary "synchronized"
>     - no need to open the temp file twice
>  - remove no longer necessary javadoc comment on test
>  - review suggestion - wrap ByteArrayOutputStream instead of extending it
>  - reorganize the tests now that the temp file creation threshold isn't exposed as a user configurable value
>  - minor update to comment on FileRolloverOutputStream class
>  - remove no longer used constant
>  - use jtreg's construct of manual test
>  - Implement Alan's review suggestion - don't expose the threshold as a configuration property, instead set it internally to a specific value
>  - propagate back the original checked IOException to the callers
>  - ... and 5 more: https://git.openjdk.java.net/jdk/compare/e1196067...991de6b9

Thank you for the review Alan.

@LanceAndersen, I've run the tier1 tests locally with the latest PR and they have passed without any regressions. Given that we changed the implementation to wrap ByteArrayOutputStream instead of extending it, would you want to rerun some of your other tests that you had previously run, before I integrate this?

-------------

PR: https://git.openjdk.java.net/jdk/pull/4607

More information about the core-libs-dev mailing list