On Sun, 15 Sep 2024 13:11:26 GMT, Lance Andersen <lan...@openjdk.org> wrote:
>> Please review the following PR which addresses that ZipOutputStream should >> validate the CEN header fields similar to what was done via >> [JDK-8316141](https://bugs.openjdk.org/browse/JDK-8316141) >> >> As part of this change, the javadoc for ZipEntry has been updated to >> indicate that the CEN Header(46 bytes) + entry name length + comment length >> + extra data length must not exceed 0xfffff. >> >> Mach5 tiers 1-3 runs were clean. The zip and jar JCK tests also continue to >> pass > > Lance Andersen has updated the pull request incrementally with one additional > commit since the last revision: > > Update @link ->@linkplain src/java.base/share/classes/java/util/zip/ZipEntry.java line 44: > 42: * entry comment and {@linkplain #CENHDR CEN Header size}, must not > 43: * exceed 65,535 bytes. If it does, {@linkplain ZipOutputStream} will > 44: * throw a {@linkplain ZipException} when writing the ZIP file entry. This looks a little out of place in ZipEntry's class description, does ZOS.putNextEntry throw or is it just finish and close? src/java.base/share/classes/java/util/zip/ZipOutputStream.java line 409: > 407: * A ZipException will be thrown if the combined length of the entry > name, > 408: * the extra field data, the entry comment and {@linkplain #CENHDR > CEN Header size}, > 409: * exceeds 65,535 bytes. Is this missing text to say that close may write as part of closing? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/21003#discussion_r1761614191 PR Review Comment: https://git.openjdk.org/jdk/pull/21003#discussion_r1761616171
