On Wed, 8 Nov 2023 17:27:19 GMT, Lance Andersen <lan...@openjdk.org> wrote:
>> @LanceAndersen >> >> I noticed that this PR did not update `ZipInputStream.readLOC` to perform >> consistency validation between expected and actual extra field size and >> values. Any particular reason why processing of LOC headers was not made >> consistent with CEN? > >> @LanceAndersen >> >> I noticed that this PR did not update `ZipInputStream.readLOC` to perform >> consistency validation between expected and actual extra field size and >> values. Any particular reason why processing of LOC headers was not made >> consistent with CEN? > > Intentional, as this was a follow on to the updates which were done > previously to the CEN work in August, this is follow on cleanup. > > Updates to ZipInputStream would be done separately under a separate PR or > could be done via your work on 8303866 Hey @LanceAndersen, It was a common practice in obfuscation, to create zips with invalid headers. This change leads to a behavioral change that affects existing work processes. Would it be possible to add an system property to restore the old behavior? ------------- PR Comment: https://git.openjdk.org/jdk/pull/15650#issuecomment-2107932136
