Integrated: 8336025: Improve ZipOutputSream validation of MAX CEN Header field limits
Lance Andersen
lancea at openjdk.org
Mon Sep 23 16:09:44 UTC 2024
On Fri, 13 Sep 2024 17:40:21 GMT, Lance Andersen <lancea at openjdk.org> wrote:
> Please review the following PR which addresses that ZipOutputStream should validate the CEN header fields similar to what was done via [JDK-8316141](https://bugs.openjdk.org/browse/JDK-8316141)
>
> As part of this change, the javadoc for ZipEntry has been updated to indicate that the CEN Header(46 bytes) + entry name length + comment length + extra data length must not exceed 0xfffff.
>
> Mach5 tiers 1-3 runs were clean. The zip and jar JCK tests also continue to pass
This pull request has now been integrated.
Changeset: 0f9f7775
Author: Lance Andersen <lancea at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/0f9f777520c5341be1e9f985f41304a297b08936
Stats: 230 lines in 4 files changed: 196 ins; 20 del; 14 mod
8336025: Improve ZipOutputSream validation of MAX CEN Header field limits
Reviewed-by: alanb
-------------
PR: https://git.openjdk.org/jdk/pull/21003
More information about the core-libs-dev
mailing list