On Mon, 16 Sep 2024 11:19:36 GMT, Lance Andersen <lan...@openjdk.org> wrote:

> I left that intentionally for now. A follow on PR will be updating the 
> ZipEntry javadoc to reduce the max size of the validation check once this PR 
> is finalized.

Hang on, not sure I follow. Perhaps I just didn't understand your response.

Just to clarify my own comment first:

If the entry comment is `> 0xFFFF` at this point, then it will in all cases 
cause a rejection with a ZipException when the combined clause is enforced a 
few lines down since the comment size itself is sufficient to violate the 
`headerSize` check? Moving the `headerSize` validation before the comment 
processing would enforce the invariant that `comment < 0xFFFF - CENHDR`, thus 
the truncation logic would not be necessary.

This PR documents the "combined clause" limitation in ZipEntry according to 
`APPNOTE.TXT`. How and why should this be reduced in the follow on PR? I don't 
seem to understand the scope and purpose of the follow on PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21003#discussion_r1761036460
