RFR: 8354799: ZipInputStream doesn't verify CRC for ZIP entry with empty file data [v3]
Shaojin Wen
swen at openjdk.org
Sat May 24 01:36:54 UTC 2025
On Mon, 12 May 2025 11:27:35 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:
>> Can I please get a review of this change which addresses the issue noted in https://bugs.openjdk.org/browse/JDK-8354799?
>>
>> `java.util.zip.ZipInputStream` when dealing with a `STORED` entry of zero size was missing a CRC check for that entry. The change in this PR addresses that and introduces a new jtreg test which reproduces the issue and verifies the fix.
>>
>> tier testing is currently in progress.
>
> Jaikiran Pai has updated the pull request incrementally with one additional commit since the last revision:
>
> Lance's suggestion - simplify argument creation, given just a handful number of argument values
test/jdk/java/util/zip/ZipInputStream/ZipInputStreamCRCCheck.java line 136:
> 134: System.out.println("tampered the crc value"
> 135: + " from 0x" + Integer.toHexString(currentCRC)
> 136: + " to 0x" + Integer.toHexString(bb.position(crcOffset).getInt()));
Suggestion:
System.out.format("tampered the crc value from 0x%x to 0x%x%n", currentCRC, bb.position(crcOffset).getInt());
The test code does not require high performance, we can System.out.format
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25116#discussion_r2105656655
More information about the core-libs-dev
mailing list