RFR: 8322256: Define and document GZIPInputStream concatenated stream semantics [v10]
Eirik Bjørsnøs
eirbjo at openjdk.org
Thu Aug 29 13:58:24 UTC 2024
On Wed, 28 Aug 2024 21:56:50 GMT, Archie Cobbs <acobbs at openjdk.org> wrote:
>> `GZIPInputStream` supports reading data from multiple concatenated GZIP data streams since [JDK-4691425](https://bugs.openjdk.org/browse/JDK-4691425). In order to do this, after a GZIP trailer frame is read, it attempts to read a GZIP header frame and, if successful, proceeds onward to decompress the new stream. If the attempt to decode a GZIP header frame fails, or happens to trigger an `IOException`, it just ignores the trailing garbage and/or the `IOException` and returns EOF.
>>
>> There are several issues with this:
>>
>> 1. The behaviors of (a) supporting concatenated streams and (b) ignoring trailing garbage are not documented, much less precisely specified.
>> 2. Ignoring trailing garbage is dubious because it could easily hide errors or other data corruption that an application would rather be notified about. Moreover, the API claims that a `ZipException` will be thrown when corrupt data is read, but obviously that doesn't happen in the trailing garbage scenario (so N concatenated streams where the last one has a corrupted header frame is indistinguishable from N-1 valid streams).
>> 3. There's no way to create a `GZIPInputStream` that does _not_ support stream concatenation.
>>
>> On the other hand, `GZIPInputStream` is an old class with lots of existing usage, so it's important to preserve the existing behavior, warts and all (note: my the definition of "existing behavior" here includes the bug fix in [JDK-7036144](https://bugs.openjdk.org/browse/JDK-7036144)).
>>
>> So this patch adds a new constructor that takes two new parameters `allowConcatenation` and `allowTrailingGarbage`. The legacy behavior is enabled by setting both to true; otherwise, they do what they sound like. In particular, when `allowTrailingGarbage` is false, then the underlying input must contain exactly one (if `allowConcatenation` is false) or exactly N (if `allowConcatenation` is true) concatenated GZIP data streams, otherwise an exception is guaranteed.
>
> Archie Cobbs has updated the pull request incrementally with one additional commit since the last revision:
>
> Shorten the description of concatenation behavior per review comments.
I think the `testScenario` method would be easier to read if we dropped the assigments to the `input` and `output` variables, and if the `testDecomp` method was split into separate methods for expecting a successful vs. failing deompression. See comments for details.
test/jdk/java/util/zip/GZIP/GZIPInputStreamConcat.java line 48:
> 46: // Test concat vs. non-concat, garbage vs. no-garbage, and various buffer sizes on random data
> 47: Random random = new Random();
> 48: final ArrayList<List<Object>> scenarios = new ArrayList<>();
Suggestion:
List<List<Object>> scenarios = new ArrayList<>();
test/jdk/java/util/zip/GZIP/GZIPInputStreamConcat.java line 49:
> 47: Random random = new Random();
> 48: final ArrayList<List<Object>> scenarios = new ArrayList<>();
> 49: for (int size = 1; size < 1024; size += random.nextInt(32) + 1) {
It's not obviously clear that `size` is the buffer size passed to GZIPInputStream here and not related to the size of the uncompressed input data.
Perhaps rename this to `bufferSize` and/or document the parameters via a comment?
`// Parameters: byte[] data, int bufferSize`
test/jdk/java/util/zip/GZIP/GZIPInputStreamConcat.java line 69:
> 67: // Decompress a single stream with no extra garbage - should always work
> 68: byte[] input = compressed;
> 69: byte[] output = uncompressed;
The assignment of `input` and `output` variables in this method add a lot of noise. Could this be simplified to something like this?
// Compress the test data
byte[] compressed = deflate(uncompressed);
// Decompress a single stream with no extra garbage - should always work
testDecomp(compressed, uncompressed);
// Decompress a truncated GZIP header
testDecompFail(oneByteShort(gzipHeader()), EOFException.class);
// Decompress a single stream that is one byte short - should always fail
testDecompFail(oneByteShort(compressed), EOFException.class);
// Decompress a single stream with one byte of extra garbage (trying all 256 possible values)
for (int extra = 0; extra < 0x100; extra++) {
testDecomp(oneByteLong(compressed, extra), uncompressed);
}
// Decompress a single stream followed by a truncated GZIP header
testDecomp(concat(compressed, oneByteShort(gzipHeader())), uncompressed);
// Decompress a single stream followed by another stream that is one byte short
testDecompFail(concat(compressed, oneByteShort(compressed)), IOException.class);
// Decompress two streams concatenated
testDecomp(concat(compressed, compressed), concat(uncompressed, uncompressed));
// Decompress three streams concatenated
testDecomp(concat(compressed, compressed, compressed),
concat(uncompressed, uncompressed, uncompressed));
// Decompress three streams concatenated followed by a truncated GZIP header
testDecomp(concat(compressed, compressed, compressed, oneByteShort(gzipHeader())),
concat(uncompressed, uncompressed, uncompressed));
test/jdk/java/util/zip/GZIP/GZIPInputStreamConcat.java line 142:
> 140: System.arraycopy(array, 0, array2, 0, array.length);
> 141: array2[array.length] = (byte)value;
> 142: return array2;
Would it make sense to do the following here?
Suggestion:
return concat(array, new byte[] {(byte) value});
test/jdk/java/util/zip/GZIP/GZIPInputStreamConcat.java line 167:
> 165:
> 166: // GZIP compress data
> 167: public static byte[] deflate(byte[] data) throws IOException {
The returned data is in the GZIP format, not the DEFLATE format. So could be `gzip` rather than `deflate`.
test/jdk/java/util/zip/GZIP/GZIPInputStreamConcat.java line 176:
> 174:
> 175: // GZIP decompress data
> 176: public byte[] inflate(InputStream in) throws IOException {
The stream here is in the GZIP format, not the DEFLATE format. So could be `gunzip` rather than `inflate`.
-------------
PR Review: https://git.openjdk.org/jdk/pull/18385#pullrequestreview-2268596523
PR Review Comment: https://git.openjdk.org/jdk/pull/18385#discussion_r1736128032
PR Review Comment: https://git.openjdk.org/jdk/pull/18385#discussion_r1736160530
PR Review Comment: https://git.openjdk.org/jdk/pull/18385#discussion_r1736229023
PR Review Comment: https://git.openjdk.org/jdk/pull/18385#discussion_r1736125278
PR Review Comment: https://git.openjdk.org/jdk/pull/18385#discussion_r1736119267
PR Review Comment: https://git.openjdk.org/jdk/pull/18385#discussion_r1736120221
More information about the core-libs-dev
mailing list