RFR: 8336025: Improve ZipOutputSream validation of MAX CEN Header field limits [v2]
Lance Andersen
lancea at openjdk.org
Mon Sep 16 18:54:08 UTC 2024
On Mon, 16 Sep 2024 18:47:40 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>> Short answer. finish() which calls writeCEN, will throw for the above.
>>
>> As the entry comment, is only part of the CEN, I wanted to keep the encoding in writeCEN as there is no reason to do it earlier.
>
> I looks very out of place when reading ZipEntry's class description. I think we'll have to move to the places where the exception is thrown.
So that means removing completely from ZipEntry, which is fine. The wording is in ZipOutputStream::finish() and was in ZipOutputStream::close(), but I believe with your proposed change, we are removing it from close
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21003#discussion_r1761689672
More information about the core-libs-dev
mailing list