A zip file local header may be optionally followed by a "data descriptor", and that may optionally include a signature. ZipInputStream has code to handle the situation when the optional signature is missing, but it is buggy - off-by-one.

webrev: http://cr.openjdk.java.net/~martin/webrevs/openjdk9/zip-DataDescriptorSignatureMissing/

    /*
     * Local headers for DEFLATED entries may optionally be followed by a
     * data descriptor, and that data descriptor may optionally contain a
     * leading signature (EXTSIG).
     *
     * From the zip spec http://www.pkware.com/documents/casestudies/APPNOTE.TXT
     *
     * """Although not originally assigned a signature, the value 0x08074b50
     * has commonly been adopted as a signature value for the data descriptor
     * record. Implementers should be aware that ZIP files may be
     * encountered with or without this signature marking data descriptors
     * and should account for either case when reading ZIP files to ensure
     * compatibility."""
     *
     * As of 2014-08, python's zipfile implementation does not include the
     * optional signature, but other implementations (including openjdk) do.
     *
     * ZipFile.writestr writes incorrect extended local headers
     * http://bugs.python.org/issue1742205
     */