Re: RFR: 8377992: (zipfs) Align ZipFileSystem END header validation with the ZipFile implementation [v2]

Fri, 20 Feb 2026 10:09:43 -0800 

On Thu, 19 Feb 2026 18:44:32 GMT, Eirik Bjørsnøs <[email protected]> wrote:

>> Please review this PR which brings `jdk.nio.zipfs.ZipFileSystem` `END` 
>> header validation into behavioral alignment with the corresponding checks in 
>> `java.util.zip.ZipFile`.
>> 
>> This brings two validation checks over to `ZipFileSystem`:
>> 
>> * Rejection of END headers with a CEN size larger than 
>> `ArraysSupport.SOFT_MAX_ARRAY_LENGTH` (JDK-8272746)
>> * Rejection of END headers with a total entry count which cannot fit within 
>> the CEN byte array  (JDK-8341625)
>> 
>> Test vector setup in 
>> `test/jdk/java/util/zip/ZipFile/EndOfCenValidation.java` is extracted to a 
>> new test lib utility class `jdk.test.lib.util.ZipUtils`. 
>> `EndOfCenValidation` is then copied to `test/jdk/jdk/nio/zipfs` and adjusted 
>> to test `ZipFileSystem` instead of `ZipFile`.
>> 
>> Tangentially, `ZipFileSystem.findEND` is updated to make `END.centot` a 
>> `long` instead of an `int`. This avoids a narrowing conversion which 
>> otherwise prevents validating a larger than Integer.MAX_VALUE number of CEN 
>> entries.  Similar adjustments to `ZipFile` was done in JDK-8341625.
>> 
>> `ZipFile.Source.initCEN` is updated with some minor code style / code 
>> comment changes to make side-by-side diffs less noisy. Additionally, 
>> validated `end.cenlen` and `end.centot` values are now consistently 
>> converted to `int` using `Math.toIntExact`.
>
> Eirik Bjørsnøs has updated the pull request incrementally with three 
> additional commits since the last revision:
> 
>  - Replace ZipFile reference in clas comment with ZipFileSystem
>  - Remove spurious '*'
>  - Extract test vector setup into ZipUtils class reusable across 
> ZipFile/ZipFileSystem tests

test/jdk/jdk/nio/zipfs/EndOfCenValidation.java line 31:

> 29:  * @run junit/othervm EndOfCenValidation
> 30:  */
> 31: 

Here is an example of a blank line some might ask to have removed

test/jdk/jdk/nio/zipfs/EndOfCenValidation.java line 88:

> 86:     public void shouldRejectTooLargeCenSize() throws IOException {
> 87:         int size = MAX_CEN_SIZE + 1;
> 88: 

Another blank line example.

Again, I don't have a strong preference, but I have been asked in some PRs to 
consider it.

I wouldn't rush to do anything, my comment was more of an fyi

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29747#discussion_r2834464258
PR Review Comment: https://git.openjdk.org/jdk/pull/29747#discussion_r2834469721

Reply via email to