[jdk8u-dev] RFR: 8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
Andrew John Hughes
andrew at openjdk.org
Wed Aug 23 09:20:54 UTC 2023
On Mon, 31 Jul 2023 22:54:53 GMT, Xin Liu <xliu at openjdk.org> wrote:
> Package nio.zipfs is in demo directory of jdk8u. It is not the part of standard libraries until jdk9. However, we found that some Java8 applications use it and hit a bug. I guess this manifests Hyrum's Law again.
>
> This patch can *NOT* apply to jdk8u cleanly. I need to adjust the directory. I drop the cosmetic changes in nio/zipfs/ZipCoder.java. It helps minimize changeset. If we want to include them, we need to backport other patches.
>
> We test jtreg locally. I reckon the risk is minimal because the patch only adds a few boundary checks in nio/zipfs/EXTT. Without it, zipfs throws java.lang.ArrayIndexOutOfBoundsException when it encounters a problematic zip file.
Changes to `ZipFileSystem.java` are clean (I think this code has been left largely untouched)
Changes to `ZipCoder.java` are inapplicable because 8u does not have [JDK-8172921](https://bugs.openjdk.org/browse/JDK-8172921) which introduced the bad formatting (even though it's a code cleanup patch...)
Approved for 8u.
-------------
Marked as reviewed by andrew (Reviewer).
PR Review: https://git.openjdk.org/jdk8u-dev/pull/349#pullrequestreview-1590734331
More information about the jdk8u-dev
mailing list