8186334: JarFile throws ArrayIndexOutOfBoundsException when the manifest contains certain characters
authorredestad
Tue, 22 Aug 2017 07:52:16 +0200
changeset 46891 af2705de4a3c
parent 46890 136ed8eef97b
child 46892 fd5023dd3c85
8186334: JarFile throws ArrayIndexOutOfBoundsException when the manifest contains certain characters Reviewed-by: psandoz, bchristi
jdk/src/java.base/share/classes/java/util/jar/JarFile.java
jdk/test/java/util/jar/JarFile/JarBacktickManifest.java
--- a/jdk/src/java.base/share/classes/java/util/jar/JarFile.java	Mon Aug 21 14:14:01 2017 +0000
+++ b/jdk/src/java.base/share/classes/java/util/jar/JarFile.java	Tue Aug 22 07:52:16 2017 +0200
@@ -25,21 +25,36 @@
 
 package java.util.jar;
 
-import java.io.*;
-import java.lang.ref.SoftReference;
-import java.net.URL;
-import java.util.*;
-import java.util.stream.Stream;
-import java.util.stream.StreamSupport;
-import java.util.zip.*;
-import java.security.CodeSigner;
-import java.security.cert.Certificate;
-import java.security.CodeSource;
 import jdk.internal.misc.SharedSecrets;
 import sun.security.action.GetPropertyAction;
 import sun.security.util.ManifestEntryVerifier;
 import sun.security.util.SignatureFileVerifier;
 
+import java.io.ByteArrayInputStream;
+import java.io.EOFException;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.ref.SoftReference;
+import java.net.URL;
+import java.security.CodeSigner;
+import java.security.CodeSource;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.NoSuchElementException;
+import java.util.Objects;
+import java.util.Spliterator;
+import java.util.Spliterators;
+import java.util.stream.Stream;
+import java.util.stream.StreamSupport;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipException;
+import java.util.zip.ZipFile;
+
 /**
  * The {@code JarFile} class is used to read the contents of a jar file
  * from any file that can be opened with {@code java.io.RandomAccessFile}.
@@ -848,7 +863,7 @@
     private static final byte[] MULTIRELEASE_OPTOSFT;
 
     static {
-        CLASSPATH_LASTOCC = new byte[64];
+        CLASSPATH_LASTOCC = new byte[65];
         CLASSPATH_OPTOSFT = new byte[12];
         CLASSPATH_LASTOCC[(int)'C' - 32] = 1;
         CLASSPATH_LASTOCC[(int)'L' - 32] = 2;
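Review bot: The new size in `CLASSPATH_LASTOCC = new byte[65];` (and in `MULTIRELEASE_LASTOCC = new byte[65];` in the next hunk) is a bare literal, and nothing states how it relates to the `- 32` index offset used by the stores below it. Going by the test added in this commit, a backtick (0x60) maps to index 64, so the size must stay in step with whatever range check the scanning code applies before the table lookup. That code is outside these hunks, so the exact upper bound should be confirmed there. Manifest bytes come from the jar being opened and may be untrusted, so I would add a comment at both allocations such as `// indexed by (c - 32); must cover every byte the matcher lets through, up to '`' (96 - 32 = 64)`, or derive both sizes from one named constant. The static initializer begins in this hunk and continues past its end.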
@@ -865,7 +880,7 @@
         }
         CLASSPATH_OPTOSFT[11] = 1;
 
-        MULTIRELEASE_LASTOCC = new byte[64];
+        MULTIRELEASE_LASTOCC = new byte[65];
         MULTIRELEASE_OPTOSFT = new byte[19];
         MULTIRELEASE_LASTOCC[(int)'M' - 32] = 1;
         MULTIRELEASE_LASTOCC[(int)'I' - 32] = 5;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/util/jar/JarFile/JarBacktickManifest.java	Tue Aug 22 07:52:16 2017 +0200
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8186334
+ * @library /lib/testlibrary/java/util/jar
+ * @build JarBuilder
+ * @run testng JarBacktickManifest
+ * @summary Make sure scanning manifest doesn't throw AIOOBE on certain strings
+ *          containing backticks.
+ */
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.util.jar.JarFile;
+
+import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+public class JarBacktickManifest {
+
+    public static final String VERIFY_MANIFEST_JAR = "verifyManifest.jar";
+
+    @BeforeClass
+    public void initialize() throws Exception {
+        JarBuilder jb = new JarBuilder(VERIFY_MANIFEST_JAR);
+        jb.addAttribute("Test", " Class-`Path` ");
+        jb.addAttribute("Test2", " Multi-`Release ");
+        jb.build();
+    }
+
+    @Test
+    public void test() throws Exception {
+        try (JarFile jf = new JarFile(VERIFY_MANIFEST_JAR)) {  // do not set runtime versioning
+            Assert.assertFalse(jf.isMultiRelease(), "Shouldn't be multi-release");
+        }
+    }
+
+    @AfterClass
+    public void close() throws IOException {
+        Files.delete(new File(VERIFY_MANIFEST_JAR).toPath());
+    }
+}
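Review bot: The regression test pins only the backtick byte, so it would not catch a table-index overflow for any other byte value the manifest scanner lets through; the two attributes added in `initialize()` are the only inputs. Whether bytes above `z` or non-ASCII bytes are filtered before the lookup is not visible in this diff, so one or two attribute values around those boundaries would help, e.g. `jb.addAttribute("Test3", " Class-{Path~ ");` (constructed sample). The only assertion is on `isMultiRelease()`, and the `Class-`Path`` attribute is exercised only if that call also runs the Class-Path scan, which this page does not show. A comment on `test()` such as `// isMultiRelease() triggers the manifest scan for both Class-Path and Multi-Release` (to be confirmed against JarFile) would make that dependency explicit.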