RFR: 8303866: Allow ZipInputStream.readEnd to parse small Zip64 ZIP files [v6]
Lance Andersen
lancea at openjdk.org
Wed Nov 15 20:17:37 UTC 2023
On Wed, 15 Nov 2023 20:13:15 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:
>> src/java.base/share/classes/java/util/zip/ZipInputStream.java line 581:
>>
>>> 579: if ((flag & 8) == 8) {
>>> 580: /* "Data Descriptor" present */
>>> 581: if (hasZip64Extra(e) ||
>>
>> You probably want to consider updating `readLOC` to make sure the extralen is != 0 if the appropriate fields are set to either 0xFFFF or 0xFFFFFFFF or update `hasZip64Extra` to do the validation
>
> I think I prefer keeping this PR maintaining a strict focus on expanding the set of readable files to include those that use Zip64 extra fields for < 2GB entries with data descriptors.
>
> Would you be ok with that?
>
> Adding validation to `readLOC` is a fair effort, but I would prefer this to be done in a separate PR, similar to your work on adding Zip64 validation to ZipFile.
>
> I wouldn't mind looking into that, but perhaps you would like to handle it, given your comment above about spending some time on `ZipInputStream` in the following days?
A follow on PR is fine. Why don't you take that on seeing you already have your sleeves rolled up in this area :-)
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12524#discussion_r1394744061
More information about the core-libs-dev
mailing list