The ZipFileSystem initCEN method lacks two validation checks currently included in the corresponding ZipFile implementation:
That the END header's CEN length does not exceed the JDK array implementation limit. SeeJDK-8272746.
That the END header's total CEN entry count does not exceed the maximum number of CEN headers encodable within the CEN byte array. SeeJDK-8341625.
These checks should be added to ZipFileSystem such that the valodation logic is aligned across implementation.
That the END header's CEN length does not exceed the JDK array implementation limit. See
That the END header's total CEN entry count does not exceed the maximum number of CEN headers encodable within the CEN byte array. See
These checks should be added to ZipFileSystem such that the valodation logic is aligned across implementation.
- relates to
-
JDK-8272746 ZipFile can't open big file (NegativeArraySizeException)
-
- Resolved
-
-
JDK-8341625 Improve ZipFile validation of the END header
-
- Resolved
-