On Fri, 29 Mar 2024 18:24:23 GMT, Jiangli Zhou <jian...@openjdk.org> wrote:
>> Liam Miller-Cushon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Maximum Zip64 extra field length is 32
>
> src/java.base/share/native/libjli/parse_manifest.c line 197:
>
>> 195: jlong cenoff = CENOFF(cenhdr);
>> 196: jlong cenext = CENEXT(cenhdr);
>> 197: if (cenoff == ZIP64_MAGICVAL && cenext > 0) {
>
> Probably also need to check if `cenlen` or `censiz` is ZIP64_MAGICVAL?
I think it doesn't matter, because the validation below only uses `cenoff`. If
`cenoff` fits in 32 bits, we don't need to read the zip64 extra info.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18479#discussion_r1544765889
