JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"

Xueming Shen xueming.shen at oracle.com
Thu Jan 19 21:39:38 UTC 2017


Please review the change for

issue: https://bugs.openjdk.java.net/browse/JDK-8173072
webrev: http://cr.openjdk.java.net/~sherman/8173072/webrev

As described in the issue, the root cause is that the offending zip/jar file
has a "extended timestamp extra field" that does not strictly follow the
spec, AND the zipfs implementation does not do a good job to do sanity
check on the data size like what the ZipEntry code does when check the
timestamps. The change here is to check both the flag and the length,
stop reading a/ctime if there is no more data, even the flags field says
there are more data.

I have run the test manually to verify the change, but decided not to check
in a binary zip/jar file (which is not encouraged for jdk repo) for the
regression test.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/nio-dev/attachments/20170119/bb7e01e4/attachment-0001.html>

More information about the nio-dev mailing list