RFR: 8242882: opening jar file with large manifest might throw NegativeArraySizeException [v3]

Jaikiran Pai jpai at openjdk.java.net
Thu Oct 1 14:42:21 UTC 2020


> Can I please get a review and a sponsor for a fix for https://bugs.openjdk.java.net/browse/JDK-8242882?
> 
> As noted in that JBS issue, if the size of the Manifest entry in the jar happens to be very large (such that it exceeds
> the `Integer.MAX_VALUE`), then the current code in `JarFile#getBytes` can lead to a `NegativeArraySizeException`.  This
> is due to the `if (len != -1 && len <= 65535)` block which evaluates to `true` when the size of the manifest entry is
> larger than `Integer.MAX_VALUE`. As a result, this then ends up calling the code which can lead to the
> `NegativeArraySizeException`.  The commit in this PR fixes that issue by changing those `if/else` blocks to prevent
> this issue and instead use a code path that leads to the `InputStream#readAllBytes()` which internally has the
> necessary checks to throw the expected `OutOfMemoryError`.  This commit also includes a jtreg test case which
> reproduces the issue and verifies the fix.

Jaikiran Pai has updated the pull request incrementally with one additional commit since the last revision:

  Second round of review comments addressed

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/323/files
  - new: https://git.openjdk.java.net/jdk/pull/323/files/279c7c83..a011b0d6

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=323&range=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=323&range=01-02

  Stats: 34 lines in 2 files changed: 5 ins; 15 del; 14 mod
  Patch: https://git.openjdk.java.net/jdk/pull/323.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/323/head:pull/323

PR: https://git.openjdk.java.net/jdk/pull/323
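
The failure mode described in the message, as an added example that is not part of the original mail and is not the code from the PR: a declared entry size above `Integer.MAX_VALUE` turns negative when narrowed to `int`, passes the quoted check, and reaches the array allocation. Assumptions: the class `ManifestSizeDemo`, the methods `readLegacy` and `readChecked`, the placement of the narrowing cast, and the sample size and manifest bytes are all constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class ManifestSizeDemo {
    // Models the pre-fix pattern: the size is narrowed to int before the range check.
    static byte[] readLegacy(long declaredSize, InputStream in) throws IOException {
        int len = (int) declaredSize;        // assumption: narrowing cast happens here
        if (len != -1 && len <= 65535) {     // the check quoted in the message
            byte[] b = new byte[len];        // negative len -> NegativeArraySizeException
            if (in.readNBytes(b, 0, len) != len) throw new IOException("short read");
            return b;
        }
        return in.readAllBytes();
    }

    // Hardened sketch: range-check the long, so only sizes 0..65535 are pre-sized.
    static byte[] readChecked(long declaredSize, InputStream in) throws IOException {
        if (declaredSize >= 0 && declaredSize <= 65535) {
            int len = (int) declaredSize;    // safe: value is known to fit
            byte[] b = new byte[len];
            if (in.readNBytes(b, 0, len) != len) throw new IOException("short read");
            return b;
        }
        // Unknown or oversized: let readAllBytes() apply its own size checks.
        return in.readAllBytes();
    }

    public static void main(String[] args) throws IOException {
        long declaredSize = 0xFFFF_FFF0L;    // constructed: > Integer.MAX_VALUE, narrows to -16
        byte[] data = "Manifest-Version: 1.0\r\n".getBytes();  // constructed stand-in stream
        try {
            readLegacy(declaredSize, new ByteArrayInputStream(data));
        } catch (NegativeArraySizeException e) {
            System.out.println("legacy path: " + e);
        }
        byte[] ok = readChecked(declaredSize, new ByteArrayInputStream(data));
        System.out.println("checked path read " + ok.length + " bytes via readAllBytes()");
    }
}
```

With a real entry of that size, the `readAllBytes()` path would end in the `OutOfMemoryError` the message refers to; the small stand-in stream here only shows which branch is taken.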


