RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName()

Lance Andersen lancea at openjdk.java.net
Fri Feb 4 14:01:48 UTC 2022


Hi all,

Please review the attached patch to address

- That JarFile::getInputStream did not check for a null ZipEntry passed as a parameter
- Have Zip/JarFile::getInputStream throw a ZipException in the event that an unexpected exception occurs

Mach5 tiers1-3 runs are clean as are the TCK java.util.zip and java.util.jar test runs

Best
Lance

-------------

Commit messages:
 - Update copyright year
 - Address Zip/JarFile::getInputStream Exception handling

Changes: https://git.openjdk.java.net/jdk/pull/7348/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7348&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8280409
  Stats: 1081 lines in 3 files changed: 1026 ins; 26 del; 29 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7348.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7348/head:pull/7348

PR: https://git.openjdk.java.net/jdk/pull/7348



More information about the security-dev mailing list