RFR: 8316141: Improve CEN header validation checking

Alan Bateman alanb at openjdk.org
Fri Dec 8 09:43:14 UTC 2023


On Wed, 8 Nov 2023 19:59:34 GMT, Lance Andersen <lancea at openjdk.org> wrote:

> Please review this PR which enhances the existing CEN header validation checking to ensure that the
> size of the CEN Header + name length + comment length + extra length do not exceed 65,535 bytes per the PKWare APP.NOTE 4.4.10, 4.4.11, & 4.4.12. Also check that the current CEN header will not exceed the length of the CEN array.
> 
> Mach 5 tiers 1-3 are clean with this change.

I think the zip changes are okay. As per our discussion here, the compatibility impact can be evaluated later in JDK 23 to gauge whether it is too strict.

-------------

Marked as reviewed by alanb (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/16570#pullrequestreview-1771978971
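
The two checks named in the quoted PR description, as an added example that is not the JDK's own ZipFile code and not part of this thread: each CEN entry (46-byte fixed header + name + extra + comment) must not exceed 65,535 bytes, and must not run past the end of the CEN array. The class name `CenCheck`, the helper `entry()` and the sample arrays are constructed for illustration; the field offsets 28/30/32 are those of the central directory header layout.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.zip.ZipException;

public class CenCheck {
    static final int CENSIG = 0x02014b50;    // "PK\001\002", little-endian
    static final int CENHDR = 46;            // fixed part of a CEN header
    static final int MAX_CEN_ENTRY = 0xFFFF; // 65,535-byte limit from the PR text

    /** Walks a central directory held in cen[]; returns the number of entries. */
    static int validate(byte[] cen) throws ZipException {
        ByteBuffer b = ByteBuffer.wrap(cen).order(ByteOrder.LITTLE_ENDIAN);
        int pos = 0, count = 0;
        while (pos < cen.length) {
            if (cen.length - pos < CENHDR)
                throw new ZipException("truncated CEN header at " + pos);
            if (b.getInt(pos) != CENSIG)
                throw new ZipException("bad CEN signature at " + pos);
            // The three length fields are unsigned 16-bit values.
            int nlen = b.getShort(pos + 28) & 0xFFFF;
            int elen = b.getShort(pos + 30) & 0xFFFF;
            int clen = b.getShort(pos + 32) & 0xFFFF;
            long size = (long) CENHDR + nlen + elen + clen;
            if (size > MAX_CEN_ENTRY)
                throw new ZipException("CEN entry at " + pos + " is " + size + " bytes");
            if (size > cen.length - pos)
                throw new ZipException("CEN entry at " + pos + " exceeds CEN array");
            pos += (int) size;
            count++;
        }
        return count;
    }

    /** Constructed sample: one CEN header followed by `pad` bytes of variable data. */
    static byte[] entry(int nlen, int elen, int clen, int pad) {
        ByteBuffer b = ByteBuffer.allocate(CENHDR + pad).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0, CENSIG);
        b.putShort(28, (short) nlen).putShort(30, (short) elen).putShort(32, (short) clen);
        return b.array();
    }

    public static void main(String[] args) {
        byte[][] samples = {
            entry(5, 0, 0, 5),               // well-formed: lengths match the data
            entry(100, 40000, 30000, 70100), // lengths sum past the 65,535 limit
            entry(20, 0, 0, 4) };            // declares more data than the array holds
        for (byte[] s : samples) {
            try { System.out.println("ok, entries=" + validate(s)); }
            catch (ZipException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```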

