RFR: 8377992: (zipfs) Align ZipFileSystem END header validation with the ZipFile implementation [v2]

Eirik Bjørsnøs eirbjo at openjdk.org
Thu Feb 19 18:44:32 UTC 2026 

> Please review this PR which brings `jdk.nio.zipfs.ZipFileSystem` `END` header validation into behavioral alignment with the corresponding checks in `java.util.zip.ZipFile`.
> 
> This brings two validation checks over to `ZipFileSystem`:
> 
> * Rejection of END headers with a CEN size larger than `ArraysSupport.SOFT_MAX_ARRAY_LENGTH` (JDK-8272746)
> * Rejection of END headers with a total entry count which cannot fit within the CEN byte array  (JDK-8341625)
> 
> The test `test/jdk/java/util/zip/ZipFile/EndOfCenValidation.java` is updated to to verify that ZIP files  rejected by the `ZipFile` constructor are now also rejected by `ZipFileSystem.newFileSystem`.
> 
> Tangentially, `ZipFileSystem.findEND` is updated to make `END.centot` a `long` instead of an `int`. This avoids a narrowing conversion which otherwise prevents validating a larger than Integer.MAX_VALUE number of CEN entries.  Similar adjustments to `ZipFile` was done in JDK-8341625.
> 
> `ZipFile.Source.initCEN` is updated with some minor code style / code comment changes to make side-by-side diffs less noisy. Additionally, validated `end.cenlen` and `end.centot` values are now consistently converted to `int` using `Math.toIntExact`.

Eirik Bjørsnøs has updated the pull request incrementally with three additional commits since the last revision:

 - Replace ZipFile reference in clas comment with ZipFileSystem
 - Remove spurious '*'
 - Extract test vector setup into ZipUtils class reusable across ZipFile/ZipFileSystem tests

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/29747/files
  - new: https://git.openjdk.org/jdk/pull/29747/files/17b8a72c..d6fc0aee

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=29747&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=29747&range=00-01

  Stats: 656 lines in 3 files changed: 417 ins; 221 del; 18 mod
  Patch: https://git.openjdk.org/jdk/pull/29747.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/29747/head:pull/29747

PR: https://git.openjdk.org/jdk/pull/29747

More information about the core-libs-dev mailing list