RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName()

Lance Andersen lancea at openjdk.java.net
Fri Feb 4 16:10:11 UTC 2022


On Fri, 4 Feb 2022 15:55:33 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Could these unexpected exceptions also occur when using the `JarInputStream` API?

It's a different code path as Zip/JarFile leverage the CEN where Zip/JarInputStream leverage the LOC.   I can give it a go and if there is an issue will create a separate issue

-------------

PR: https://git.openjdk.java.net/jdk/pull/7348



More information about the security-dev mailing list