RFR: 8280409: JarFile::getInputStream can fail with NPE accessing ze.getName() [v4]

Lance Andersen lancea at openjdk.java.net
Tue Feb 22 22:05:34 UTC 2022


On Sat, 19 Feb 2022 10:59:56 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> > Ok, thank you for the feedback. I just pushed a change with additional comments on the jar creation which hopefully will address your input above.
> 
> It's a bit better but I think it needs a clear step-by-step instructions in a comment before declaration of VALID_ENTRY_NAME to show how the JAR file is created, signed (move the instructions that have been placed on the TestNG setup method), and then converted to the byte array. Further maintainers will thank you.

Just pushed a revised set of comments.  Hopefully this will get us across the goal line.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7348



More information about the security-dev mailing list