RFR: 8303866: Allow ZipInputStream.readEnd to parse small Zip64 ZIP files [v9]

Eirik Bjørsnøs eirbjo at openjdk.org
Tue Jan 9 15:58:50 UTC 2024 

On Mon, 8 Jan 2024 15:04:58 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> Eirik Bjørsnøs has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 33 commits:
>> 
>>  - Merge branch 'master' into data-descriptor
>>  - Extract ZIP64_BLOCK_SIZE_OFFSET as a constant
>>  - A Zip64 extra field used in a LOC header must include both the uncompressed and compressed size fields, and does not include local header offset or disk start number fields. Conequently, a valid LOC Zip64 block must always be 16 bytes long.
>>  - Document better the zip command and options used to generate the test vector ZIP
>>  - Fix spelling of "presence"
>>  - Add a @bug reference in the test
>>  - Use the term "block size" when referring to the size of a Zip64 extra field data block
>>  - Update comment reflect that a Zip64 extended field in a LOC header has only two valid block sizes
>>  - Convert test from testNG to JUnit
>>  - Fix the check that the size of an extra field block size must not grow past the total extra field length
>>  - ... and 23 more: https://git.openjdk.org/jdk/compare/e2042421...ddff130f
>
> src/java.base/share/classes/java/util/zip/ZipInputStream.java line 654:
> 
>> 652:      * data contained no Zip64 field.
>> 653:      */
>> 654:     private boolean hasZip64Extra(ZipEntry e) throws IOException {
> 
> Given what this method does, I think it shouldn't throw an IOException (or any other exception for that matter), should strictly return true or false. I haven't imported this code locally, but as far as I can see in its implementation, there doesn't seem to be anything that throws a checked IOException, so perhaps this throws is already redundant?

Fixed.

> The private `hasMagic` method in `java.util.jar.JarOutputStream` has an example where we catch the `ArrayIndexOutOfBoundsException` when dealing with the extra data, we should do similar here and return `false`.

I've updated for loop to verify that there is always at least 4 bytes available to read the two short fields, so now a `ArrayIndexOutOfBoundsException` should no longer be possible. I also extended the test in the PR to cover a case where the LOC extra field  ends with a truncated extra field (just the two-byte tag) to cover this case.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/12524#discussion_r1446275924
PR Review Comment: https://git.openjdk.org/jdk/pull/12524#discussion_r1446278827

More information about the core-libs-dev mailing list