Improve the handling of invalid UTF-8 byte sequences for ZipInputStream::getNextEntry and ZipFile::getComment

    • Type: CSR
    • Resolution: Unresolved
    • Priority: P4
    • 21-pool
    • Component/s: core-libs
    • None
    • behavioral
    • minimal
    • Low risk change: ZIP file comments are rarely used, and no prior reports exist of ZipFile::getComment throwing exceptions in production.
    • Java API

      Summary

      An IllegalArgumentException may be thrown by ZipFile::getComment if there is a problem decoding the bytes representing the Zip file comment.

      Problem

      ZipFile::getComment may throw an IllegalArgumentException if an error occurs when decoding the bytes that represent the Zip file comment. Unfortunately, the specification for ZipFile::getComment does not state that this method may throw an exception.

      Solution

      If an exception occurs when decoding the byte array that represents the Zip file comment, ZipFile::getComment will now return null instead of throwing a spurious IllegalArgumentException.
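
An added example, not part of the CSR or the JDK sources: a caller that reads the comment of an archive it does not trust and tolerates both behaviours described above, the IllegalArgumentException from before the change and the null return after it. The class name, the CommentStatus enum and the sample comment bytes are constructed for illustration.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

public class ZipCommentDecodeDemo {
    enum CommentStatus { PRESENT, NULL_RETURNED, DECODE_FAILED }

    // Constructed sample archive: the comment is written with ISO-8859-1, so a
    // comment of U+00FF U+00FE is stored as bytes 0xFF 0xFE, which are not valid UTF-8.
    static Path writeZipWithComment(String comment) throws IOException {
        Path zip = Files.createTempFile("comment-demo", ".zip");
        try (OutputStream out = Files.newOutputStream(zip);
             ZipOutputStream zos = new ZipOutputStream(out, StandardCharsets.ISO_8859_1)) {
            zos.setComment(comment);
            zos.putNextEntry(new ZipEntry("a.txt"));
            zos.write("hello".getBytes(StandardCharsets.US_ASCII));
            zos.closeEntry();
        }
        return zip;
    }

    // Caller-side handling that is safe on either side of the change:
    // an IllegalArgumentException and a null return are both treated as "no usable comment".
    static CommentStatus readComment(Path zip) throws IOException {
        try (ZipFile zf = new ZipFile(zip.toFile(), StandardCharsets.UTF_8)) {
            String c = zf.getComment();
            return c == null ? CommentStatus.NULL_RETURNED : CommentStatus.PRESENT;
        } catch (IllegalArgumentException iae) {
            return CommentStatus.DECODE_FAILED;
        }
    }

    public static void main(String[] args) throws IOException {
        Path bad = writeZipWithComment("\u00ff\u00fe");
        Path good = writeZipWithComment("release build");
        try {
            System.out.println("invalid UTF-8 comment: " + readComment(bad));
            System.out.println("ASCII comment:         " + readComment(good));
        } finally {
            Files.deleteIfExists(bad);
            Files.deleteIfExists(good);
        }
    }
}
```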

      Specification

      The ZipFile::getComment specification will be updated to the following:

      diff --git a/src/java.base/share/classes/java/util/zip/ZipFile.java b/src/java.base/share/classes/java/util/zip/ZipFile.java
      index cb9070fc885..391675a955f 100644
      --- a/src/java.base/share/classes/java/util/zip/ZipFile.java
      +++ b/src/java.base/share/classes/java/util/zip/ZipFile.java
      @@ -1,5 +1,5 @@
       /*
      - * Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved.
      + * Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
        * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
        *
        * This code is free software; you can redistribute it and/or modify it
      @@ -305,7 +305,9 @@ public class ZipFile implements ZipConstants, Closeable {
           }
       
           /**
      -     * Returns the zip file comment, or null if none.
      +     * Returns the zip file comment. If a comment does not exist or an error is
      +     * encountered decoding the comment using the charset specified
      +     * when opening the Zip file, then {@code null} is returned.
            *
            * @return the comment string for the zip file, or null if none
            *
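
Review bot: the @return tag left as context at the end of this hunk still reads "or null if none", which no longer matches the new description above it. Update it to cover the decoding-error case as well, for example "the comment string for the zip file, or null if none or if the comment cannot be decoded", so the summary sentence and the @return tag state the same contract.
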
      @@ -319,7 +321,13 @@ public class ZipFile implements ZipConstants, Closeable {
                   if (res.zsrc.comment == null) {
                       return null;
                   }
      -            return res.zsrc.zc.toString(res.zsrc.comment);
      +            // If there is a problem decoding the byte array which represents
      +            // the Zip file comment, return null;
      +            try {
      +                return res.zsrc.zc.toString(res.zsrc.comment);
      +            } catch (IllegalArgumentException iae) {
      +                return null;
      +            }
               }
           }
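
Review bot: the new catch block returns null, the same value returned a few lines earlier when res.zsrc.comment is null, so a caller can no longer tell an archive with no comment from one whose comment bytes are malformed for the chosen charset. If that is intended, say so explicitly in the Javadoc so that code validating archives does not read null as "no comment present"; no test covering the undecodable case is visible in this patch, and one should accompany it. Two small points: the code comment ends with a stray semicolon ("return null;"), and the caught variable iae is unused.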
      

            Assignee: Roland Mesde
            Reporter: Webbug Group