INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR + inflateUndermine() is the answer
from zlib
author.
-Sherman
On 3/13/2012 5:06 PM, Ulf Zibis wrote:
Am 13.03.2012 20:03, schrieb Xueming Shen:
While this indeed is a "regression", the question is do we really
want this
behavior (allow those corrupt zip/png files without throwing
exception) to
be the default behavior? A possible approach is to by default the
j.u.zip.Inflater/PNGImageReader rejects such files (by throwing a zip
exception,
as the current JDK7 does) and to tolerate such files only with some
-D flag,
for example -Djava.util.zip.InflateAllowInvalidDistance. This
definitely will
be inconvenient for those who like the PNGImageReader to just work as
it did
in previous releases, but appears to be a more reasonable for me.
Opinion?
I think, we should trigger the zlib people to add a runtime option
additionally to the compile option. If set, zlib should report a
warning instead error in case of invalid distance-too-far stream.
In java we could propagate the option to the API.
In the mean time we temporarily could use the -D flag or just fulfill
the "just work as it did " strategy with a note in javadoc of Zip class.
-Ulf
