On Wed, 24 Jan 2024 10:28:46 GMT, Eirik Bjørsnøs <eir...@openjdk.org> wrote:
>> Please review this PR which suggests we retire the ZIP test >> `NoExtensionSignature` along with its `test.jar` test vector. >> >> The concern of a missing data descriptor signature is covered by the >> recently updated `DataDescriptorSignatureMissing` test, see #12959. That >> test is more complete, includes more documentation and uses a >> programmatically generated test vector. >> >> Careful analysis of the deleted `test.jar` test vector revealed that it >> contains a local header with non-zero `compressed size` and `uncompressed >> size` fields for a streaming-mode entry. `APPNOTE.TXT` mandates that when >> bit 3 of the general purpose bit flag is set, then these fields and the >> `crc` field should all be set to zero. >> >> By injecting assertions into `ZipInputStream.readLOC` I was able to >> determine that `NoExtensionSignature` is the only test currently parsing a >> ZIP file with such non-zero fields in streaming mode. >> >> Because of this, and out of caution, this PR introduces a new test >> `DataDescriptorIgnoreCrcAndSizeFields` which explicitly verifies that >> `ZipInputStream` does not read any non-zero `crc`, `compressed size` or >> `uncompressed size` field values from a local header when in streaming mode. >> `ZipInputStream` should ignore these values and it would be good to have a >> test which asserts that this invariant holds even when the fields are >> non-zero. > > Eirik Bjørsnøs has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the merge/rebase. The pull request contains three additional > commits since the last revision: > > - Merge branch 'master' into retire-no-extension-signature > - Rename 'nameAndContent' parameter to 'expected' > - Retire the test NoExtensionSignature in favor of > DataDescriptorSignatureMissing. Introduce the new test > DataDescriptorIgnoreCrcAndSizeFields covering unrelated aspects implicitly > tested by NoExtensionSignature. Marked as reviewed by lancea (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/16975#pullrequestreview-1860257395
