[
https://issues.apache.org/jira/browse/COMPRESS-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15244611#comment-15244611
]
Stefan Bodewig commented on COMPRESS-351:
-----------------------------------------
You are correct, the name may be included in other exceptions as well - like
failing to parse extra fields or unsupported zip features being requested -
anything of which may well happen if the archive is corrupt.
Leaving it to the application doesn't feel right to me. If you log an exception
you don't expect it to contain "garbage" in its message - and as it stands we'd
have to add a disclaimer of "any exception may contain garbage if the archive
is corrupt" to {{ZipArchiveInputStream}}. {{ZipFile}} is safe in most cases as
it won't find any "end of central directory" record and fail with a usable
message.
I guess sanitizing all entry names that are leaked via exceptions is the best
route.
> Defective .zip-archive produces problematic error message
> ---------------------------------------------------------
>
> Key: COMPRESS-351
> URL: https://issues.apache.org/jira/browse/COMPRESS-351
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Affects Versions: 1.11
> Environment: Production
> Reporter: Sven Kustos
> Fix For: 1.12
>
> Attachments: DefectiveZipFileCausingBeeps.ZIP
>
>
> A truncated .zip-File produces an java.io.EOFException conatining a hughe
> amount of byte[]-data in the error-message - leading to beeps and crippeling
> workload in an potential console-logger.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
