RFR: 7036144: GZIPInputStream readTrailer uses faulty available() test for end-of-stream [v6]

Jaikiran Pai jpai at openjdk.org
Wed Mar 6 14:19:51 UTC 2024


On Mon, 5 Feb 2024 23:53:06 GMT, Archie Cobbs <acobbs at openjdk.org> wrote:

>> `GZIPInputStream`, when looking for a concatenated stream, relies on what the underlying `InputStream` says is how many bytes are `available()`. But this is inappropriate because `InputStream.available()` is just an estimate and is allowed (for example) to always return zero.
>> 
>> The fix is to ignore what's `available()` and just proceed and see what happens. If fewer bytes are available than required, the attempt to extend to another stream is canceled just as it was before, e.g., when the next stream header couldn't be read.
>
> Archie Cobbs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
> 
>  - Merge branch 'master' into JDK-7036144
>  - Merge branch 'master' into JDK-7036144
>  - Address third round of review comments.
>  - Address second round of review comments.
>  - Address review comments.
>  - Fix bug in GZIPInputStream when underlying available() returns short.

Hello Archie, I hope to finish off running the necessary analysis to see if there is any obvious impact because of this change, in the coming days. Based on the intial runs, the changes proposed in this PR look OK to me.

In the meantime, given the nature of this change, I am marking this as requiring a CSR. Would you be willing to come up with the CSR text for this (https://wiki.openjdk.org/display/csr/Main)?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17113#issuecomment-1980967387


More information about the core-libs-dev mailing list