RFR: 8303866: Allow ZipInputStream.readEnd to parse small Zip64 ZIP files [v15]
Eirik Bjørsnøs
eirbjo at openjdk.org
Fri Jan 26 14:37:40 UTC 2024
On Fri, 26 Jan 2024 14:32:58 GMT, Eirik Bjørsnøs <eirbjo at openjdk.org> wrote:
>> ZipInputStream.readEnd currently assumes a Zip64 data descriptor if the number of compressed or uncompressed bytes read from the inflater is larger than the Zip64 magic value.
>>
>> While the ZIP format mandates that the data descriptor `SHOULD be stored in ZIP64 format (as 8 byte values) when a file's size exceeds 0xFFFFFFFF`, it also states that `ZIP64 format MAY be used regardless of the size of a file`. For such small entries, the above assumption does not hold.
>>
>> This PR augments ZipInputStream.readEnd to also assume 8-byte sizes if the ZipEntry includes a Zip64 extra information field AND the 'compressed size' and 'uncompressed size' have the expected Zip64 "magic" value 0xFFFFFFFF. This brings ZipInputStream into alignment with the APPNOTE format spec:
>>
>>
>> When extracting, if the zip64 extended information extra
>> field is present for the file the compressed and
>> uncompressed sizes will be 8 byte values.
>>
>>
>> While small Zip64 files with 8-byte data descriptors are not commonly found in the wild, it is possible to create one using the Info-ZIP command line `-fd` flag:
>>
>> `echo hello | zip -fd > hello.zip`
>>
>> The PR also adds a test verifying that such a small Zip64 file can be parsed by ZipInputStream.
>
> Eirik Bjørsnøs has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 228 commits:
>
> - Merge branch 'master' into data-descriptor
> - Update comment of expect64BitDataDescriptor to reflect relaxed validation
> - Dial down validation of the Zip64 extra field
> - 8321712: C2: "failed: Multiple uses of register" in C2_MacroAssembler::vminmax_fp
>
> Co-authored-by: Volodymyr Paprotski <vpaprotski at openjdk.org>
> Reviewed-by: kvn, thartmann, epeter, jbhateja
> - 8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64
>
> Reviewed-by: mbaesken
> - 8322971: KEM.getInstance() should check if a 3rd-party security provider is signed
>
> Reviewed-by: mullan, valeriep
> - 8320890: [AIX] Find a better way to mimic dl handle equality
>
> Reviewed-by: stuefe, mdoerr
> - 8323276: StressDirListings.java fails on AIX
>
> Reviewed-by: jpai, dfuchs
> - 8319793: C2 compilation fails with "Bad graph detected in build_loop_late" after JDK-8279888
>
> Reviewed-by: chagedorn, epeter
> - 8314515: java/util/concurrent/SynchronousQueue/Fairness.java failed with "Error: fair=false i=8 j=0"
>
> Reviewed-by: alanb
> - ... and 218 more: https://git.openjdk.org/jdk/compare/e10d1400...4af7f500
To help make progress here, I have relaxed the validation here such that we now check:
- That the "streaming mode" bit 3 flag is set
- That at least one of the LOC's size fields is marked 0xFFFFFFFF.
- That the LOC extra field has a field with header ID 0x1 (Zip64)
Any reading/validation of the contents of the Zip64 extra field has been removed.
@jaikiran Is this closer to what you'd like to see?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/12524#issuecomment-1912164693
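
The three conditions listed in the message above, as an added Java sketch that is not part of the original message and is not the JDK's ZipInputStream code. The class and method names, and the sample headers built in `main`, are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class Zip64DescriptorCheck {   // hypothetical name, not a JDK class
    /** True if a raw LOC header meets all three conditions from the message. */
    static boolean expects8ByteDescriptor(byte[] loc) {
        ByteBuffer b = ByteBuffer.wrap(loc).order(ByteOrder.LITTLE_ENDIAN);
        if (loc.length < 30 || b.getInt(0) != 0x04034b50) return false; // "PK\3\4"
        if ((b.getShort(6) & 0x08) == 0) return false;   // bit 3: streaming mode
        long csize = b.getInt(18) & 0xFFFFFFFFL;
        long size = b.getInt(22) & 0xFFFFFFFFL;
        if (csize != 0xFFFFFFFFL && size != 0xFFFFFFFFL) return false;
        int off = 30 + (b.getShort(26) & 0xFFFF);        // skip the file name
        int end = off + (b.getShort(28) & 0xFFFF);       // end of the extra field
        if (end > loc.length) return false;              // truncated header
        // Extra field blocks: 2-byte header ID, 2-byte data size, then data.
        while (off + 4 <= end) {
            int id = b.getShort(off) & 0xFFFF;
            int len = b.getShort(off + 2) & 0xFFFF;
            if (off + 4 + len > end) return false;       // block overruns the field
            if (id == 0x0001) return true;               // Zip64 header ID found
            off += 4 + len;
        }
        return false;
    }

    /** Builds a constructed LOC header with a one-byte name for the demo. */
    static byte[] loc(int flags, int csize, int size, byte[] extra) {
        ByteBuffer b = ByteBuffer.allocate(31 + extra.length).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0x04034b50).putShort((short) 45).putShort((short) flags)
         .putShort((short) 8).putInt(0).putInt(0)        // method, time+date, CRC
         .putInt(csize).putInt(size)
         .putShort((short) 1).putShort((short) extra.length)
         .put((byte) '-').put(extra);
        return b.array();
    }

    public static void main(String[] args) {
        byte[] zip64 = new byte[20];                     // ID 0x0001, size 16, zeroed data
        zip64[0] = 0x01; zip64[2] = 0x10;
        byte[] other = {0x55, 0x54, 0x00, 0x00};         // a non-Zip64 block, empty data
        System.out.println(expects8ByteDescriptor(loc(0x08, -1, -1, zip64))); // all three hold
        System.out.println(expects8ByteDescriptor(loc(0x08, 0, 0, zip64)));   // sizes not marked
        System.out.println(expects8ByteDescriptor(loc(0x00, -1, -1, zip64))); // bit 3 clear
        System.out.println(expects8ByteDescriptor(loc(0x08, -1, -1, other))); // no 0x0001 block
    }
}
```

Only the presence of header ID 0x1 is tested; the contents of the Zip64 block are never read, matching the relaxed validation described in the message.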