Looks good Sherman.
I'll look after the possible zerror enhancement as part of
https://bugs.openjdk.java.net/browse/JDK-8144055
I think printing just the file name itself without path is safe. We
could decide whether installation of a security manager should be a
factor for such cases. Zip
Hi Sherman,
Nice work. It'll certainly help protect the VM from bad application
code. I've no major issues with the new code. Some comments below.
src/java.base/share/classes/java/util/zip/ZipFile.java
unused import :
import java.nio.file.Path;
line 840 : This could be marked final
Hi Sean,
Thanks for the review. Webrev has been updated accordingly. The
only suggestion I did not follow is to append the file name into the
zip error/exception message. I would assume it might have vuln
concern if the file name is published in such exception. It might be
OK to only publish the
Hi
Please help review the changes for JDK-8142508 (third try)
Issue: https://bugs.openjdk.java.net/browse/JDK-8142508
webrev: http://cr.openjdk.java.net/~sherman/8142508/webrev
Mainly to address the issues in current j.u.z.ZipFile implementation as listed
below
(1) The ZIP file format support