On 3/13/2012 1:09 PM, Alan Bateman wrote:
On 13/03/2012 19:03, Xueming Shen wrote:
While this indeed is a "regression", the question is do we really
want this
behavior (allow those corrupt zip/png files without throwing
exception) to
be the default behavior? A possible approach is to by default the
j.u.zip.Inflater/PNGImageReader rejects such files (by throwing a zip
exception,
as the current JDK7 does) and to tolerate such files only with some
-D flag,
for example -Djava.util.zip.InflateAllowInvalidDistance. This
definitely will
be inconvenient for those who like the PNGImageReader to just work as
it did
in previous releases, but appears to be a more reasonable for me.
Opinion?
This is tough one, do you have any sense for how common this issue is?
What are the downsides or risks to ignoring invalid distance values?
I don't know "how common" this issue is. So far this is the first
incident I heard so far. However
given JDK7 (the release we upgraded the internal zlib after almost
decade) is just out, I would expect
we might hear more.
The downside of ignoring is that the error is simply ignored "silently".
It would be reasonable to
assume some users want to be alerted by the exception throwing that the
zip/png file they are
working on is broken. With INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
on, the inflater
now will fill the output buffer with 0 for those invalid bits.
-Sherman
