-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 8u25
-
Component/s: core-libs
-
None
-
b65
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8084874 | emb-9 | Jeremy Manson | P3 | Resolved | Fixed | team |
| JDK-8080043 | 8u441 | Ravi Reddy | P3 | Resolved | Fixed | b01 |
zip_entry.c has a buffer underflow when a zip entry name is 0-length. It unilaterally checks for a slash at the end of the name, and if the name is empty, it checks at offset -1. Fix:
--- a/src/java.base/share/native/libzip/zip_util.c Thu May 07 10:19:34 2015 -0700
+++ b/src/java.base/share/native/libzip/zip_util.c Fri May 08 10:52:58 2015 -0700
@@ -1206,7 +1206,7 @@
}
/* Slash is already there? */
- if (name[ulen-1] == '/') {
+ if (ulen > 0 && name[ulen - 1] == '/') {
break;
}
--- a/src/java.base/share/native/libzip/zip_util.c Thu May 07 10:19:34 2015 -0700
+++ b/src/java.base/share/native/libzip/zip_util.c Fri May 08 10:52:58 2015 -0700
@@ -1206,7 +1206,7 @@
}
/* Slash is already there? */
- if (name[ulen-1] == '/') {
+ if (ulen > 0 && name[ulen - 1] == '/') {
break;
}
- backported by
-
JDK-8080043 Buffer underflow with empty zip entry names
-
- Resolved
-
-
-
- Resolved
-