On Fri, 26 Jan 2024 14:32:58 GMT, Eirik Bjørsnøs <eir...@openjdk.org> wrote:
>> ZipInputStream.readEnd currently assumes a Zip64 data descriptor if the >> number of compressed or uncompressed bytes read from the inflater is larger >> than the Zip64 magic value. >> >> While the ZIP format mandates that the data descriptor `SHOULD be stored in >> ZIP64 format (as 8 byte values) when a file's size exceeds 0xFFFFFFFF`, it >> also states that `ZIP64 format MAY be used regardless of the size of a >> file`. For such small entries, the above assumption does not hold. >> >> This PR augments ZipInputStream.readEnd to also assume 8-byte sizes if the >> ZipEntry includes a Zip64 extra information field AND at least one of the >> 'compressed size' and 'uncompressed size' have the expected Zip64 "magic" >> value 0xFFFFFFFF. This brings ZipInputStream into alignment with the APPNOTE >> format spec: >> >> >> When extracting, if the zip64 extended information extra >> field is present for the file the compressed and >> uncompressed sizes will be 8 byte values. >> >> >> While small Zip64 files with 8-byte data descriptors are not commonly found >> in the wild, it is possible to create one using the Info-ZIP command line >> `-fd` flag: >> >> `echo hello | zip -fd > hello.zip` >> >> The PR also adds a test verifying that such a small Zip64 file can be parsed >> by ZipInputStream. > > Eirik Bjørsnøs has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 228 commits: > > - Merge branch 'master' into data-descriptor > - Update comment of expect64BitDataDescriptor to reflect relaxed validation > - Dial down validation of the Zip64 extra field > - 8321712: C2: "failed: Multiple uses of register" in > C2_MacroAssembler::vminmax_fp > > Co-authored-by: Volodymyr Paprotski <vpaprot...@openjdk.org> > Reviewed-by: kvn, thartmann, epeter, jbhateja > - 8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64 > > Reviewed-by: mbaesken > - 8322971: KEM.getInstance() should check if a 3rd-party security provider > is signed > > Reviewed-by: mullan, valeriep > - 8320890: [AIX] Find a better way to mimic dl handle equality > > Reviewed-by: stuefe, mdoerr > - 8323276: StressDirListings.java fails on AIX > > Reviewed-by: jpai, dfuchs > - 8319793: C2 compilation fails with "Bad graph detected in build_loop_late" > after JDK-8279888 > > Reviewed-by: chagedorn, epeter > - 8314515: java/util/concurrent/SynchronousQueue/Fairness.java failed with > "Error: fair=false i=8 j=0" > > Reviewed-by: alanb > - ... and 218 more: https://git.openjdk.org/jdk/compare/e10d1400...4af7f500 test/jdk/java/util/zip/ZipInputStream/Zip64DataDescriptor.java line 270: > 268: try (ZipInputStream in = new ZipInputStream(new > ByteArrayInputStream(zip))) { > 269: ZipEntry e; > 270: while ( (e = in.getNextEntry()) != null) { The zip is expected to have a single ZipEntry. Would it be better to do something like this, so that if the ZipEntry is missing, then the test fails? (I haven't tested this code below) ZipEntry e = in.getNextEntry(); assertNotNull(e, "missing zip entry"); assertEquals("hello\n", new String(in.readAllBytes(), StandardCharsets.UTF_8)); assertNull(in.getNextEntry(), "unexpected additional zip entry"); ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/12524#discussion_r1478134704
