RFR: 8313765: Invalid CEN header (invalid zip64 extra data field size) [v6]
Sergey Bylokhov
serb at openjdk.org
Tue Aug 15 16:04:09 UTC 2023
On Tue, 15 Aug 2023 10:49:37 GMT, Alan Bateman <alanb at openjdk.org> wrote:
> Are you arguing to drop all checking of the extra fields? It's not clear to me that this PR should be do that as it has a lot of implications.
Not all, but do it in a different way. The only thing which is MUST be implemented according to specifications is: if the data in the body of the zip file for size/csize/locoff is negative then the correct value for these fields should be stored in the extended block. So for example if the size is negative in the body of the zip file, then the extended block should be at least 8 bytes. If the locoff is negative then the extended block should be at least 24 bytes(two fillers at the beginning).
Other than that there are no limitation on the size of extended block, it could be 0, 20, 100 , etc. But it should contain correct data if necessary and should not be larger than the surrounding "chunk".
-------------
PR Comment: https://git.openjdk.org/jdk/pull/15273#issuecomment-1679198173
More information about the nio-dev
mailing list