RFR: 8280409: JarFile::getInputStream can fail with NPE accessing ze.getName() [v4]
Alan Bateman
alanb at openjdk.java.net
Fri Feb 18 12:12:54 UTC 2022
On Thu, 17 Feb 2022 19:00:47 GMT, Lance Andersen <lancea at openjdk.org> wrote:
>> Hi all,
>>
>> Please review the attached patch to address
>>
>> - That JarFile::getInputStream did not check for a null ZipEntry passed as a parameter
>> - Have Zip/JarFile::getInputStream throw a ZipException in the event that an unexpected exception occurs
>>
>> Mach5 tiers1-3 runs are clean as are the TCK java.util.zip and java.util.jar test runs
>>
>> Best
>> Lance
>
> Lance Andersen has updated the pull request incrementally with one additional commit since the last revision:
>
> Return null when ZipEntry::getName is null
The updates changes to ZipFile/JarFile look okay. I don't have time to study the test too closely right now but it will need to include instructions on how to re-create the signed JAR that is stored in the byte array.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7348
More information about the security-dev
mailing list