RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName() [v2]
Lance Andersen
lancea at openjdk.java.net
Mon Feb 7 23:02:54 UTC 2022
> Hi all,
>
> Please review the attached patch to address
>
> - That JarFile::getInputStream did not check for a null ZipEntry passed as a parameter
> - Have Zip/JarFile::getInputStream throw a ZipException in the event that an unexpected exception occurs
>
> Mach5 tiers1-3 runs are clean as are the TCK java.util.zip and java.util.jar test runs
>
> Best
> Lance
Lance Andersen has updated the pull request incrementally with one additional commit since the last revision:
Reduce Exception checking to JarFile::verifiableEntry
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7348/files
- new: https://git.openjdk.java.net/jdk/pull/7348/files/b50ebf05..6c75384a
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7348&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7348&range=00-01
Stats: 162 lines in 3 files changed: 90 ins; 21 del; 51 mod
Patch: https://git.openjdk.java.net/jdk/pull/7348.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7348/head:pull/7348
PR: https://git.openjdk.java.net/jdk/pull/7348
More information about the security-dev
mailing list