On Thu, 30 May 2024 12:32:22 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> Can I please get a review of this change which proposes to address the issue >> noted in https://bugs.openjdk.org/browse/JDK-8210471? >> >> `java.util.zip.Inflater` when instantiated will hold on the native resources >> which are freed only when `Inflater.end()` is called. The constructor of >> `java.util.zip.GZIPInputStream` instantiates an `Inflater` for its internal >> use. After instantiating the `Inflater`, the `GZIPInputStream` constructor >> before returning from the constructor, can run into either a >> `IllegalArgumentException` (because the `size` is `<=0`) or an `IOException` >> when trying to read a GZIP header from the underlying `InputStream`. In >> either of these cases, the `Inflater` that the `GZIPInputStream` created >> internally will end up leaking and the caller has no way to `end()` that >> `Inflater` or even knowledge of that `Inflater`. >> >> The commit in this PR catches the `IOException` when reading the GZIP header >> and `end()`s the `Inflater`. Furthermore, to prevent instantiation of an >> `Inflater`, the `GZIPInputStream` constructor before calling `super(...)` >> will now check the `InputStream` to be non-null and `size` to be `>0`, both >> of which were being done by the `super` constructor. >> >> Given the nature of the change, no new test has been added. Existing tests >> in `test/jdk/java/util/zip` continue to pass and tier1, tier2 and tier3 >> testing is in progress. > > Jaikiran Pai has updated the pull request incrementally with one additional > commit since the last revision: > > introduce a basic test for GZIPInputStream Looks good overall, but I believe we need to address the comment below unless I missed something src/java.base/share/classes/java/util/zip/GZIPInputStream.java line 97: > 95: */ > 96: private static Inflater createInflater(InputStream in, int size) { > 97: Objects.requireNonNull(in); I don't believe we currently indicate at at NPE will be thrown if the InputStream is null so this would require a CSR if we need to document it ------------- PR Review: https://git.openjdk.org/jdk/pull/19475#pullrequestreview-2088514194 PR Review Comment: https://git.openjdk.org/jdk/pull/19475#discussion_r1620877576
