RFR: 8336025: Improve ZipOutputSream validation of MAX CEN Header field limits [v5]
Lance Andersen
lancea at openjdk.org
Mon Sep 23 11:04:24 UTC 2024
> Please review the following PR which addresses that ZipOutputStream should validate the CEN header fields similar to what was done via [JDK-8316141](https://bugs.openjdk.org/browse/JDK-8316141)
>
> As part of this change, the javadoc for ZipEntry has been updated to indicate that the CEN Header(46 bytes) + entry name length + comment length + extra data length must not exceed 0xfffff.
>
> Mach5 tiers 1-3 runs were clean. The zip and jar JCK tests also continue to pass
Lance Andersen has updated the pull request incrementally with one additional commit since the last revision:
Updates to CenSizeTooLarge
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/21003/files
- new: https://git.openjdk.org/jdk/pull/21003/files/e250340b..0347a697
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=21003&range=04
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=21003&range=03-04
Stats: 26 lines in 1 file changed: 6 ins; 15 del; 5 mod
Patch: https://git.openjdk.org/jdk/pull/21003.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/21003/head:pull/21003
PR: https://git.openjdk.org/jdk/pull/21003
More information about the core-libs-dev
mailing list