Integrated: 8377992: (zipfs) Align ZipFileSystem END header validation with the ZipFile implementation

[Eirik Bjørsnøs]

On Mon, 16 Feb 2026 15:15:28 GMT, Eirik Bjørsnøs <eirbjo at openjdk.org> wrote:

> Please review this PR which brings `jdk.nio.zipfs.ZipFileSystem` `END` header validation into behavioral alignment with the corresponding checks in `java.util.zip.ZipFile`.
> 
> This brings two validation checks over to `ZipFileSystem`:
> 
> * Rejection of END headers with a CEN size larger than `ArraysSupport.SOFT_MAX_ARRAY_LENGTH` (JDK-8272746)
> * Rejection of END headers with a total entry count which cannot fit within the CEN byte array  (JDK-8341625)
> 
> Test vector setup in `test/jdk/java/util/zip/ZipFile/EndOfCenValidation.java` is extracted to a new test lib utility class `jdk.test.lib.util.ZipUtils`. `EndOfCenValidation` is then copied to `test/jdk/jdk/nio/zipfs` and adjusted to test `ZipFileSystem` instead of `ZipFile`.
> 
> Tangentially, `ZipFileSystem.findEND` is updated to make `END.centot` a `long` instead of an `int`. This avoids a narrowing conversion which otherwise prevents validating a larger than Integer.MAX_VALUE number of CEN entries.  Similar adjustments to `ZipFile` was done in JDK-8341625.
> 
> `ZipFile.Source.initCEN` is updated with some minor code style / code comment changes to make side-by-side diffs less noisy. Additionally, validated `end.cenlen` and `end.centot` values are now consistently converted to `int` using `Math.toIntExact`.

This pull request has now been integrated.

Changeset: d62b9f78
Author:    Eirik Bjørsnøs <eirbjo at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/d62b9f78ca4a35bb6c5f665172c7abce4dac56ca
Stats:     692 lines in 5 files changed: 425 ins; 229 del; 38 mod

8377992: (zipfs) Align ZipFileSystem END header validation with the ZipFile implementation

Reviewed-by: lancea

-------------

PR: https://git.openjdk.org/jdk/pull/29747