On Mon, 5 Feb 2024 13:14:39 GMT, Eirik Bjørsnøs <eir...@openjdk.org> wrote:

>> ZipInputStream.readEnd currently assumes a Zip64 data descriptor if the 
>> number of compressed or uncompressed bytes read from the inflater is larger 
>> than the Zip64 magic value.
>> 
>> While the ZIP format mandates that the data descriptor `SHOULD be stored in 
>> ZIP64 format (as 8 byte values) when a file's size exceeds 0xFFFFFFFF`, it 
>> also states that `ZIP64 format MAY be used regardless of the size of a 
>> file`. For such small entries, the above assumption does not hold.
>> 
>> This PR augments ZipInputStream.readEnd to also assume 8-byte sizes if the 
>> ZipEntry includes a Zip64 extra information field AND at least one of the 
>> 'compressed size' and 'uncompressed size' have the expected Zip64 "magic" 
>> value 0xFFFFFFFF. This brings ZipInputStream into alignment with the APPNOTE 
>> format spec:
>> 
>> 
>> When extracting, if the zip64 extended information extra 
>> field is present for the file the compressed and 
>> uncompressed sizes will be 8 byte values.
>> 
>> 
>> While small Zip64 files with 8-byte data descriptors are not commonly found 
>> in the wild, it is possible to create one using the Info-ZIP command line 
>> `-fd` flag:
>> 
>> `echo hello | zip -fd > hello.zip`
>> 
>> The PR also adds a test verifying that such a small Zip64 file can be parsed 
>> by ZipInputStream.
>
> Eirik Bjørsnøs has updated the pull request with a new target base due to a 
> merge or a rebase. The pull request now contains 230 commits:
> 
>  - Update readZipInputStream to verify that the ZipInputStream finds a single 
> zip entry with the expected contents
>  - Merge branch 'master' into data-descriptor
>  - Merge branch 'master' into data-descriptor
>  - Update comment of expect64BitDataDescriptor to reflect relaxed validation
>  - Dial down validation of the Zip64 extra field
>  - 8321712: C2: "failed: Multiple uses of register" in 
> C2_MacroAssembler::vminmax_fp
>    
>    Co-authored-by: Volodymyr Paprotski <vpaprot...@openjdk.org>
>    Reviewed-by: kvn, thartmann, epeter, jbhateja
>  - 8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64
>    
>    Reviewed-by: mbaesken
>  - 8322971: KEM.getInstance() should check if a 3rd-party security provider 
> is signed
>    
>    Reviewed-by: mullan, valeriep
>  - 8320890: [AIX] Find a better way to mimic dl handle equality
>    
>    Reviewed-by: stuefe, mdoerr
>  - 8323276: StressDirListings.java fails on AIX
>    
>    Reviewed-by: jpai, dfuchs
>  - ... and 220 more: https://git.openjdk.org/jdk/compare/692c9f88...e8d3b904

The latest updates seem OK.

Thank you Eirik

-------------

Marked as reviewed by lancea (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/12524#pullrequestreview-1876488622
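
The size decision described in the quoted PR text, as an added Java example that is not part of this email and is not the JDK's own code. The class and method names and the sample extra-field bytes are hypothetical and constructed for illustration; treating a truncated extra record as "no Zip64 field" is an assumption of this sketch.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class DataDescriptorSize {
    static final long ZIP64_MAGIC = 0xFFFFFFFFL;
    static final int ZIP64_EXTRA_ID = 0x0001; // Zip64 extended information header ID

    // Walk the (id, length, data) records of an extra field block.
    static boolean hasZip64Extra(byte[] extra) {
        ByteBuffer b = ByteBuffer.wrap(extra).order(ByteOrder.LITTLE_ENDIAN);
        while (b.remaining() >= 4) {
            int id = b.getShort() & 0xFFFF;
            int len = b.getShort() & 0xFFFF;
            if (len > b.remaining()) return false; // truncated record: stop parsing
            if (id == ZIP64_EXTRA_ID) return true;
            b.position(b.position() + len);        // skip this record's data
        }
        return false;
    }

    // 8-byte sizes if more than 0xFFFFFFFF bytes were processed, or if a Zip64
    // extra field is present AND at least one header size is the magic value.
    static boolean expects8ByteSizes(long hdrCsize, long hdrSize, byte[] extra,
                                     long bytesRead, long bytesWritten) {
        if (bytesRead > ZIP64_MAGIC || bytesWritten > ZIP64_MAGIC) return true;
        return hasZip64Extra(extra)
                && (hdrCsize == ZIP64_MAGIC || hdrSize == ZIP64_MAGIC);
    }

    // Descriptor length without the optional 4-byte signature: CRC-32 plus two sizes.
    static int descriptorLength(boolean eightByteSizes) {
        return 4 + (eightByteSizes ? 16 : 8);
    }

    public static void main(String[] args) {
        // Constructed extra blocks: a Zip64 record (id 0x0001, 16 data bytes)
        // and a non-Zip64 record (id 0x5455, 1 data byte).
        byte[] zip64 = new byte[20];
        zip64[0] = 0x01; zip64[2] = 0x10;
        byte[] other = {0x55, 0x54, 0x01, 0x00, 0x00};
        boolean[] cases = {
            expects8ByteSizes(ZIP64_MAGIC, ZIP64_MAGIC, zip64, 8, 6), // small Zip64 entry
            expects8ByteSizes(0, 0, zip64, 8, 6),                     // extra present, no magic
            expects8ByteSizes(ZIP64_MAGIC, ZIP64_MAGIC, other, 8, 6), // magic, no Zip64 extra
        };
        for (boolean c : cases)
            System.out.println(c + " -> " + descriptorLength(c) + " bytes");
    }
}
```

Only the first case selects the 8-byte layout; reading the wrong width leaves the stream misaligned for the next local file header.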
