RFR: 8336025: Improve ZipOutputStream validation of MAX CEN Header field limits [v2]

Eirik Bjørsnøs eirbjo at openjdk.org
Mon Sep 16 09:23:05 UTC 2024


On Sun, 15 Sep 2024 13:11:26 GMT, Lance Andersen <lancea at openjdk.org> wrote:

>> Please review the following PR which addresses that ZipOutputStream should validate the CEN header fields similar to what was done via [JDK-8316141](https://bugs.openjdk.org/browse/JDK-8316141)
>> 
>> As part of this change, the javadoc for ZipEntry has been updated to indicate that the CEN Header (46 bytes) + entry name length + comment length + extra data length must not exceed 0xfffff.
>> 
>> Mach5 tiers 1-3 runs were clean. The zip and jar JCK tests also continue to pass.
>
> Lance Andersen has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update @link ->@linkplain

src/java.base/share/classes/java/util/zip/ZipOutputStream.java line 381:

> 379:      * the underlying stream. Use this method when applying multiple filters
> 380:      * in succession to the same output stream.
> 381:      * <p>

People reading this not too carefully may think the combined length refers to the concatenated string length. I know "bytes" is the last word, so technically this is correct. But maybe being slightly more explicit that the length depends on the chosen charset would remove some ambiguity?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21003#discussion_r1760803539
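
The charset dependence raised in the review comment, as an added example that is not code from the PR or the JDK: the same entry name and comment are measured in chars and in encoded bytes under two charsets. The class name `CenSizeCheck`, the helper `combinedCenSize`, the sample strings and the `0xFFFF` limit used in `main` (the largest value a 16-bit length field can hold) are assumptions made for illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class CenSizeCheck {
    // Fixed CEN header size, as stated in the PR description.
    static final int CEN_HEADER_SIZE = 46;

    // Combined size in bytes: fixed header + encoded name + encoded comment
    // + extra data. The name and comment contribute their *encoded* length,
    // so the result depends on the charset chosen for the zip stream.
    static long combinedCenSize(String name, String comment, byte[] extra, Charset cs) {
        long nameLen = name.getBytes(cs).length;
        long commentLen = (comment == null) ? 0 : comment.getBytes(cs).length;
        long extraLen = (extra == null) ? 0 : extra.length;
        return CEN_HEADER_SIZE + nameLen + commentLen + extraLen;
    }

    public static void main(String[] args) {
        // Assumption: limit passed in by the caller; 0xFFFF is used here.
        final long limit = 0xFFFF;

        // Constructed sample input: non-ASCII characters that take one byte
        // in ISO-8859-1 but two bytes each in UTF-8.
        String name = "\u00e9".repeat(30_000) + ".txt";
        String comment = "\u00fc".repeat(5_000);
        byte[] extra = new byte[0];

        // What a reader gets by counting String.length() instead of bytes.
        long charBased = CEN_HEADER_SIZE + name.length() + comment.length();
        System.out.printf("counted in chars: %d (within limit: %b)%n",
                charBased, charBased <= limit);

        for (Charset cs : List.of(StandardCharsets.ISO_8859_1, StandardCharsets.UTF_8)) {
            long size = combinedCenSize(name, comment, extra, cs);
            System.out.printf("%-10s bytes: %d (within limit: %b)%n",
                    cs.name(), size, size <= limit);
        }
    }
}
```

A caller validating entry metadata before writing it would measure with the same charset the `ZipOutputStream` is constructed with, not with `String.length()`.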

