RFR: 8280409: JarFile::verifiableEntry can fail with NPE accessing ze.getName() [v3]

Lance Andersen lancea at openjdk.java.net
Thu Feb 10 21:35:56 UTC 2022


> Hi all,
> 
> Please review the attached patch to address
> 
> - That JarFile::getInputStream did not check for a null ZipEntry passed as a parameter
> - Have Zip/JarFile::getInputStream throw a ZipException in the event that an unexpected exception occurs
> 
> Mach5 tiers1-3 runs are clean as are the TCK java.util.zip and java.util.jar test runs
> 
> Best
> Lance

Lance Andersen has updated the pull request incrementally with two additional commits since the last revision:

 - Return a null InputStream when the ZipEntry is not found in the Jar
 - Address formatting and message feedback

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/7348/files
  - new: https://git.openjdk.java.net/jdk/pull/7348/files/6c75384a..32f6c284

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7348&range=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7348&range=01-02

  Stats: 95 lines in 3 files changed: 41 ins; 20 del; 34 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7348.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7348/head:pull/7348

PR: https://git.openjdk.java.net/jdk/pull/7348



More information about the security-dev mailing list