RFR: 8303866: Allow ZipInputStream.readEnd to parse small Zip64 ZIP files [v3]

Eirik Bjorsnos duke at openjdk.org
Sat Oct 28 17:37:39 UTC 2023 

On Sat, 28 Oct 2023 17:08:07 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> ZipInputStream.readEnd currently assumes a Zip64 data descriptor if the number of compressed or uncompressed bytes read from the inflater is larger than the Zip64 magic value.
>> 
>> While the ZIP format  mandates that the data descriptor `SHOULD be stored in ZIP64 format (as 8 byte values) when a file's size exceeds 0xFFFFFFFF`, it also states that `ZIP64 format MAY be used regardless of the size of a file`. For such small entries, the above assumption does not hold.
>> 
>> This PR augments ZipInputStream.readEnd to also assume 8-byte sizes if the ZipEntry includes a Zip64 extra information field. This brings ZipInputStream into alignment with the APPNOTE format spec:
>> 
>> 
>> When extracting, if the zip64 extended information extra 
>> field is present for the file the compressed and 
>> uncompressed sizes will be 8 byte values.
>> 
>> 
>> While small Zip64 files with 8-byte data descriptors are not commonly found in the wild, it is possible to create one using the Info-ZIP command line `-fd` flag:
>> 
>> `echo hello | zip -fd > hello.zip`
>> 
>> The PR also adds a test verifying that such a small Zip64 file can be parsed by ZipInputStream.
>
> Eirik Bjorsnos has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 21 additional commits since the last revision:
> 
>  - Remove excessive comment
>  - Move isZip64ExtBlockSizeValid to ZipUtils, use it from ZipInputStream and ZipFile.Source
>  - Merge branch 'master' into data-descriptor
>  - Use block comments instead of javadoc comments to avoid doclint warnings
>  - Merge branch 'master' into data-descriptor
>  - Zip64 extra field of a LOC header has 1-3 long components
>  - Clarify comment for shouldIgnoreExcessiveExtraSize
>  - Update test to use a Zip64 file produced using the zip command with the -fd flag
>  - Add comment to explaining the setExtraSize and readZipInputStream methods and the zip64File field.
>  - Add comment to the call site of hasZip64 extra
>  - ... and 11 more: https://git.openjdk.org/jdk/compare/fb1a2716...fad0da2e

> We need to hold off this PR until #15650 has been integrated as it impacts some of the changes proposed here

Thanks Lance, I updated the issue to add [JDK-8314891](https://bugs.openjdk.org/browse/JDK-8314891) as a blocker.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/12524#issuecomment-1783879504

More information about the core-libs-dev mailing list