> ZipInputStream.readEnd currently assumes a Zip64 data descriptor if the > number of compressed or uncompressed bytes read from the inflater is larger > than the Zip64 magic value. > > While the ZIP format mandates that the data descriptor `SHOULD be stored in > ZIP64 format (as 8 byte values) when a file's size exceeds 0xFFFFFFFF`, it > also states that `ZIP64 format MAY be used regardless of the size of a file`. > For such small entries, the above assumption does not hold. > > This PR augments ZipInputStream.readEnd to also assume 8-byte sizes if the > ZipEntry includes a Zip64 extra information field AND at least one of the > 'compressed size' and 'uncompressed size' have the expected Zip64 "magic" > value 0xFFFFFFFF. This brings ZipInputStream into alignment with the APPNOTE > format spec: > > > When extracting, if the zip64 extended information extra > field is present for the file the compressed and > uncompressed sizes will be 8 byte values. > > > While small Zip64 files with 8-byte data descriptors are not commonly found > in the wild, it is possible to create one using the Info-ZIP command line > `-fd` flag: > > `echo hello | zip -fd > hello.zip` > > The PR also adds a test verifying that such a small Zip64 file can be parsed > by ZipInputStream.
Eirik Bjørsnøs has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 230 commits: - Update readZipInputStream to verify that the ZipInputStream finds a single zip entry with the expected contents - Merge branch 'master' into data-descriptor - Merge branch 'master' into data-descriptor - Update comment of expect64BitDataDescriptor to reflect relaxed validation - Dial down validation of the Zip64 extra field - 8321712: C2: "failed: Multiple uses of register" in C2_MacroAssembler::vminmax_fp Co-authored-by: Volodymyr Paprotski <vpaprot...@openjdk.org> Reviewed-by: kvn, thartmann, epeter, jbhateja - 8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64 Reviewed-by: mbaesken - 8322971: KEM.getInstance() should check if a 3rd-party security provider is signed Reviewed-by: mullan, valeriep - 8320890: [AIX] Find a better way to mimic dl handle equality Reviewed-by: stuefe, mdoerr - 8323276: StressDirListings.java fails on AIX Reviewed-by: jpai, dfuchs - ... and 220 more: https://git.openjdk.org/jdk/compare/692c9f88...e8d3b904 ------------- Changes: https://git.openjdk.org/jdk/pull/12524/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12524&range=15 Stats: 342 lines in 2 files changed: 338 ins; 0 del; 4 mod Patch: https://git.openjdk.org/jdk/pull/12524.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/12524/head:pull/12524 PR: https://git.openjdk.org/jdk/pull/12524
