RFR: 8336025: Improve ZipOutputSream validation of MAX CEN Header field limits [v2]
Lance Andersen
lancea at openjdk.org
Mon Sep 16 11:45:04 UTC 2024
On Mon, 16 Sep 2024 10:05:56 GMT, Eirik Bjørsnøs <eirbjo at openjdk.org> wrote:
> I'm curious why the combined header length validation is being placed so late. In general I would assume failing fast is better?
>
> Also, since the combined header length clause applies to "any directory record", it also applies to LOC?
>
> So why is this happening late in `writeCEN`, as opposed to early in `putNextEntry`?
>
> Edit: I'm aware that moving it to `putNextEntry` means you probably need to repeat it in writeCEN, just in case the `ZipEntry` was updated meanwhile.
>
> Some comments inline.

As this is really a corner case at best, I decided to keep the changes to a minimum and the validation in writeCEN given that is where the encoded comment bytes are obtained and written out.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/21003#issuecomment-2352684425