RFR: 8336025: Improve ZipOutputSream validation of MAX CEN Header field limits [v4]
Lance Andersen
lancea at openjdk.org
Sat Sep 21 14:51:17 UTC 2024
> Please review the following PR which addresses that ZipOutputStream should validate the CEN header fields similar to what was done via [JDK-8316141](https://bugs.openjdk.org/browse/JDK-8316141)
>
> As part of this change, the javadoc for ZipEntry has been updated to indicate that the CEN Header(46 bytes) + entry name length + comment length + extra data length must not exceed 0xfffff.
>
> Mach5 tiers 1-3 runs were clean. The zip and jar JCK tests also continue to pass
Lance Andersen has updated the pull request incrementally with one additional commit since the last revision:
Minor wordsmithing as part of the finalization of the CSR
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/21003/files
- new: https://git.openjdk.org/jdk/pull/21003/files/69cf3312..e250340b
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=21003&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=21003&range=02-03
Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/21003.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/21003/head:pull/21003
PR: https://git.openjdk.org/jdk/pull/21003
More information about the core-libs-dev
mailing list