CR 7148271 REGESSION with PNG Image loading

Xueming Shen xueming.shen at
Wed Mar 14 00:14:22 UTC 2012

INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR + inflateUndermine() is the answer from zlib


On 3/13/2012 5:06 PM, Ulf Zibis wrote:
> Am 13.03.2012 20:03, schrieb Xueming Shen:
>> While this indeed is a "regression", the question is do we really 
>> want this
>> behavior (allow those corrupt zip/png files without throwing 
>> exception) to
>> be the default behavior? A possible approach is to by default the
>> rejects such files (by throwing a zip 
>> exception,
>> as the current JDK7 does) and to tolerate such files only with some 
>> -D flag,
>> for example This 
>> definitely will
>> be inconvenient for those who like the PNGImageReader to just work as 
>> it did
>> in previous releases, but appears to be a more reasonable for me.
>> Opinion?
> I think, we should trigger the zlib people to add a runtime option 
> additionally to the compile option. If set, zlib should report a 
> warning instead error in case of invalid distance-too-far stream.
> In java we could propagate the option to the API.
> In the mean time we temporarily could use the -D flag or just fulfill 
> the "just work as it did " strategy with a note in javadoc of Zip class.
> -Ulf

More information about the core-libs-dev mailing list