-
Bug
-
Resolution: Fixed
-
P2
-
None
-
None
-
b32
-
generic
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8084332 | emb-9 | Martin Buchholz | P2 | Resolved | Fixed | team |
A zip file local header may be optionally followed by a "data descriptor", and that may optionally include a signature. ZipInputStream has code to handle the situation when the optional signature is missing, but it is buggy - off-by-one.
webrev: http://cr.openjdk.java.net/~martin/webrevs/openjdk9/zip-DataDescriptorSignatureMissing/
/*
* Local headers for DEFLATED entries may optionally be followed by a
* data descriptor, and that data descriptor may optionally contain a
* leading signature (EXTSIG).
*
* From the zip spec http://www.pkware.com/documents/casestudies/APPNOTE.TXT
*
* """Although not originally assigned a signature, the value 0x08074b50
* has commonly been adopted as a signature value for the data descriptor
* record. Implementers should be aware that ZIP files may be
* encountered with or without this signature marking data descriptors
* and should account for either case when reading ZIP files to ensure
* compatibility."""
*
* As of 2014-08, python's zipfile implementation does not include the
* optional signature, but other implementations (including openjdk) do.
*
* ZipFile.writestr writes incorrect extended local headers
* http://bugs.python.org/issue1742205
*/
webrev: http://cr.openjdk.java.net/~martin/webrevs/openjdk9/zip-DataDescriptorSignatureMissing/
/*
* Local headers for DEFLATED entries may optionally be followed by a
* data descriptor, and that data descriptor may optionally contain a
* leading signature (EXTSIG).
*
* From the zip spec http://www.pkware.com/documents/casestudies/APPNOTE.TXT
*
* """Although not originally assigned a signature, the value 0x08074b50
* has commonly been adopted as a signature value for the data descriptor
* record. Implementers should be aware that ZIP files may be
* encountered with or without this signature marking data descriptors
* and should account for either case when reading ZIP files to ensure
* compatibility."""
*
* As of 2014-08, python's zipfile implementation does not include the
* optional signature, but other implementations (including openjdk) do.
*
* ZipFile.writestr writes incorrect extended local headers
* http://bugs.python.org/issue1742205
*/
- backported by
-
JDK-8084332 ZipInputStream does not correctly handle local header data descriptors with the optional signature missing
-
- Resolved
-
- relates to
-
JDK-8249832 java/util/zip/DataDescriptorSignatureMissing.java uses @ignore w/o bug-id
-
- Resolved
-
-
JDK-4635869 ZipInputStream fails to read certain valid zip archives
-
- Closed
-