RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName() [v2]
Alan Bateman
alanb at openjdk.java.net
Tue Feb 8 18:59:07 UTC 2022
On Tue, 8 Feb 2022 18:11:38 GMT, Lance Andersen <lancea at openjdk.org> wrote:
> I personally think it is best to continue throw the NPE as that provides symmetry with ZipFile::getInputStream, aligns with the current javadoc where a null parameter will throw an NPE unless specified elsewhere, there are existing tests which check for an NPE if JarFile::getInpuStream(null) is called.
I think the scenario that we are discussing is where the parameter is not null. It's the case where getInputStream(ZipEntry) is called with a ZipEntry that reports its name as null. I don't think it is covered by existing javadoc.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7348
More information about the security-dev
mailing list