[jdk8u-dev] RFR: 8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
Sergey Bylokhov
serb at openjdk.org
Sat Aug 12 01:43:59 UTC 2023
On Mon, 31 Jul 2023 22:54:53 GMT, Xin Liu <xliu at openjdk.org> wrote:
> Package nio.zipfs is in demo directory of jdk8u. It is not the part of standard libraries until jdk9. However, we found that some Java8 applications use it and hit a bug. I guess this manifests Hyrum's Law again.
>
> This patch can *NOT* apply to jdk8u cleanly. I need to adjust the directory. I drop the cosmetic changes in nio/zipfs/ZipCoder.java. It helps minimize changeset. If we want to include them, we need to backport other patches.
>
> We test jtreg locally. I reckon the risk is minimal because the patch only adds a few boundary checks in nio/zipfs/EXTT. Without it, zipfs throws java.lang.ArrayIndexOutOfBoundsException when it encounters a problematic zip file.
Marked as reviewed by serb (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk8u-dev/pull/349#pullrequestreview-1574633537
More information about the jdk8u-dev
mailing list