On Thu, 19 Feb 2026 18:44:32 GMT, Eirik Bjørsnøs <[email protected]> wrote:
>> Please review this PR which brings `jdk.nio.zipfs.ZipFileSystem` `END` >> header validation into behavioral alignment with the corresponding checks in >> `java.util.zip.ZipFile`. >> >> This brings two validation checks over to `ZipFileSystem`: >> >> * Rejection of END headers with a CEN size larger than >> `ArraysSupport.SOFT_MAX_ARRAY_LENGTH` (JDK-8272746) >> * Rejection of END headers with a total entry count which cannot fit within >> the CEN byte array (JDK-8341625) >> >> Test vector setup in >> `test/jdk/java/util/zip/ZipFile/EndOfCenValidation.java` is extracted to a >> new test lib utility class `jdk.test.lib.util.ZipUtils`. >> `EndOfCenValidation` is then copied to `test/jdk/jdk/nio/zipfs` and adjusted >> to test `ZipFileSystem` instead of `ZipFile`. >> >> Tangentially, `ZipFileSystem.findEND` is updated to make `END.centot` a >> `long` instead of an `int`. This avoids a narrowing conversion which >> otherwise prevents validating a larger than Integer.MAX_VALUE number of CEN >> entries. Similar adjustments to `ZipFile` was done in JDK-8341625. >> >> `ZipFile.Source.initCEN` is updated with some minor code style / code >> comment changes to make side-by-side diffs less noisy. Additionally, >> validated `end.cenlen` and `end.centot` values are now consistently >> converted to `int` using `Math.toIntExact`. > > Eirik Bjørsnøs has updated the pull request incrementally with three > additional commits since the last revision: > > - Replace ZipFile reference in clas comment with ZipFileSystem > - Remove spurious '*' > - Extract test vector setup into ZipUtils class reusable across > ZipFile/ZipFileSystem tests thank you for the update Eirik. Overall looks good. You might get some asks to remove the extra blank lines here and there. I have no strong preference. I think the copyright should just be 2026 for these new files but need to confirm test/jdk/jdk/nio/zipfs/EndOfCenValidation.java line 2: > 1: /* > 2: * Copyright (c) 2023, 2026, Oracle and/or its affiliates. All rights > reserved. As this is a new file, I believe this should be 2026 only test/lib/jdk/test/lib/util/ZipUtils.java line 2: > 1: /* > 2: * Copyright (c) 2023, 2026, Oracle and/or its affiliates. All rights > reserved. Same comment on copyright only being 2026 ------------- PR Review: https://git.openjdk.org/jdk/pull/29747#pullrequestreview-3833307379 PR Review Comment: https://git.openjdk.org/jdk/pull/29747#discussion_r2834291100 PR Review Comment: https://git.openjdk.org/jdk/pull/29747#discussion_r2834293304
