8226530: ZipFile reads wrong entry size from ZIP64 entries
Reviewed-by: bpb, clanger, shade
--- a/src/java.base/share/classes/java/util/zip/ZipEntry.java Wed Aug 07 09:17:08 2019 -0400
+++ b/src/java.base/share/classes/java/util/zip/ZipEntry.java Wed Aug 07 14:04:10 2019 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -522,7 +522,7 @@
* @see #getExtra()
*/
public void setExtra(byte[] extra) {
- setExtra0(extra, false);
+ setExtra0(extra, false, true);
}
/**
@@ -532,8 +532,11 @@
* the extra field data bytes
* @param doZIP64
* if true, set size and csize from ZIP64 fields if present
+ * @param isLOC
+ * true if setting the extra field for a LOC, false if for
+ * a CEN
*/
- void setExtra0(byte[] extra, boolean doZIP64) {
+ void setExtra0(byte[] extra, boolean doZIP64, boolean isLOC) {
if (extra != null) {
if (extra.length > 0xFFFF) {
throw new IllegalArgumentException("invalid extra field length");
@@ -550,15 +553,29 @@
switch (tag) {
case EXTID_ZIP64:
if (doZIP64) {
- // LOC extra zip64 entry MUST include BOTH original
- // and compressed file size fields.
- // If invalid zip64 extra fields, simply skip. Even
- // it's rare, it's possible the entry size happens to
- // be the magic value and it "accidently" has some
- // bytes in extra match the id.
- if (sz >= 16) {
- size = get64(extra, off);
- csize = get64(extra, off + 8);
+ if (isLOC) {
+ // LOC extra zip64 entry MUST include BOTH original
+ // and compressed file size fields.
+ // If invalid zip64 extra fields, simply skip. Even
+ // it's rare, it's possible the entry size happens to
+ // be the magic value and it "accidently" has some
+ // bytes in extra match the id.
+ if (sz >= 16) {
+ size = get64(extra, off);
+ csize = get64(extra, off + 8);
+ }
+ } else {
+ // CEN extra zip64
+ if (size == ZIP64_MAGICVAL) {
+ if (off + 8 > len) // invalid zip64 extra
+ break; // fields, just skip
+ size = get64(extra, off);
+ }
+ if (csize == ZIP64_MAGICVAL) {
+ if (off + 16 > len) // invalid zip64 extra
+ break; // fields, just skip
+ csize = get64(extra, off + 8);
+ }
}
}
break;
--- a/src/java.base/share/classes/java/util/zip/ZipFile.java Wed Aug 07 09:17:08 2019 -0400
+++ b/src/java.base/share/classes/java/util/zip/ZipFile.java Wed Aug 07 14:04:10 2019 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -673,7 +673,7 @@
e.method = CENHOW(cen, pos);
if (elen != 0) {
int start = pos + CENHDR + nlen;
- e.setExtra0(Arrays.copyOfRange(cen, start, start + elen), true);
+ e.setExtra0(Arrays.copyOfRange(cen, start, start + elen), true, false);
}
if (clen != 0) {
int start = pos + CENHDR + nlen + elen;
--- a/src/java.base/share/classes/java/util/zip/ZipInputStream.java Wed Aug 07 09:17:08 2019 -0400
+++ b/src/java.base/share/classes/java/util/zip/ZipInputStream.java Wed Aug 07 14:04:10 2019 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -321,7 +321,7 @@
byte[] extra = new byte[len];
readFully(extra, 0, len);
e.setExtra0(extra,
- e.csize == ZIP64_MAGICVAL || e.size == ZIP64_MAGICVAL);
+ e.csize == ZIP64_MAGICVAL || e.size == ZIP64_MAGICVAL, true);
}
return e;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/util/zip/ZipFile/Zip64SizeTest.java Wed Aug 07 14:04:10 2019 -0400
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+import java.util.zip.ZipOutputStream;
+
+import static org.testng.Assert.assertTrue;
+
+/**
+ * @test
+ * @bug 8226530
+ * @summary ZIP File System tests that leverage DirectoryStream
+ * @modules java.base
+ * @compile Zip64SizeTest.java
+ * @run testng Zip64SizeTest
+ */
+public class Zip64SizeTest {
+
+ private static final int BUFFER_SIZE = 2048;
+ // ZIP file to create
+ private static final String ZIP_FILE_NAME = "Zip64SizeTest.zip";
+ // File that will be created with a size greater than 0xFFFFFFFF
+ private static final String LARGE_FILE_NAME = "LargeZipEntry.txt";
+ // File that will be created with a size less than 0xFFFFFFFF
+ private static final String SMALL_FILE_NAME = "SmallZipEntry.txt";
+ // List of files to be added to the ZIP file
+ private static final List<String> ZIP_ENTRIES = List.of(LARGE_FILE_NAME,
+ SMALL_FILE_NAME);
+ private static final long LARGE_FILE_SIZE = 5L * 1024L * 1024L * 1024L; // 5GB
+ private static final long SMALL_FILE_SIZE = 0x100000L; // 1024L x 1024L;
+
+ /**
+ * Validate that if the size of a ZIP entry exceeds 0xFFFFFFFF, that the
+ * correct size is returned from the ZIP64 Extended information.
+ * @throws IOException
+ */
+ @Test
+ private static void validateZipEntrySizes() throws IOException {
+ createFiles();
+ createZipFile();
+ System.out.println("Validating Zip Entry Sizes");
+ try (ZipFile zip = new ZipFile(ZIP_FILE_NAME)) {
+ ZipEntry ze = zip.getEntry(LARGE_FILE_NAME);
+ System.out.printf("Entry: %s, size= %s%n", ze.getName(), ze.getSize());
+ assertTrue(ze.getSize() == LARGE_FILE_SIZE);
+ ze = zip.getEntry(SMALL_FILE_NAME);
+ System.out.printf("Entry: %s, size= %s%n", ze.getName(), ze.getSize());
+ assertTrue(ze.getSize() == SMALL_FILE_SIZE);
+
+ }
+ }
+
+ /**
+ * Delete the files created for use by the test
+ * @throws IOException if an error occurs deleting the files
+ */
+ private static void deleteFiles() throws IOException {
+ Files.deleteIfExists(Path.of(ZIP_FILE_NAME));
+ Files.deleteIfExists(Path.of(LARGE_FILE_NAME));
+ Files.deleteIfExists(Path.of(SMALL_FILE_NAME));
+ }
+
+ /**
+ * Create the ZIP file adding an entry whose size exceeds 0xFFFFFFFF
+ * @throws IOException if an error occurs creating the ZIP File
+ */
+ private static void createZipFile() throws IOException {
+ try (FileOutputStream fos = new FileOutputStream(ZIP_FILE_NAME);
+ ZipOutputStream zos = new ZipOutputStream(fos)) {
+ System.out.printf("Creating Zip file: %s%n", ZIP_FILE_NAME);
+ for (String srcFile : ZIP_ENTRIES) {
+ System.out.printf("...Adding Entry: %s%n", srcFile);
+ File fileToZip = new File(srcFile);
+ try (FileInputStream fis = new FileInputStream(fileToZip)) {
+ ZipEntry zipEntry = new ZipEntry(fileToZip.getName());
+ zipEntry.setSize(fileToZip.length());
+ zos.putNextEntry(zipEntry);
+ byte[] bytes = new byte[BUFFER_SIZE];
+ int length;
+ while ((length = fis.read(bytes)) >= 0) {
+ zos.write(bytes, 0, length);
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Create the files that will be added to the ZIP file
+ * @throws IOException if there is a problem creating the files
+ */
+ private static void createFiles() throws IOException {
+ try (RandomAccessFile largeFile = new RandomAccessFile(LARGE_FILE_NAME, "rw");
+ RandomAccessFile smallFile = new RandomAccessFile(SMALL_FILE_NAME, "rw")) {
+ System.out.printf("Creating %s%n", LARGE_FILE_NAME);
+ largeFile.setLength(LARGE_FILE_SIZE);
+ System.out.printf("Creating %s%n", SMALL_FILE_NAME);
+ smallFile.setLength(SMALL_FILE_SIZE);
+ }
+ }
+
+ /**
+ * Make sure the needed test files do not exist prior to executing the test
+ * @throws IOException
+ */
+ @BeforeMethod
+ public void setUp() throws IOException {
+ deleteFiles();
+ }
+
+ /**
+ * Remove the files created for the test
+ * @throws IOException
+ */
+ @AfterMethod
+ public void tearDown() throws IOException {
+ deleteFiles();
+ }
+}
\ No newline at end of file