archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 14:54:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8242882: opening jar file with large manifest might throw NegativeArraySizeException

Browse source 
Reviewed-by: bchristi, lancea
This commit is contained in:
Jaikiran Pai 2020-10-08 10:46:37 +00:00 committed by Lance Andersen
parent f86037207c
commit 782d45bdec
2 changed files with 85 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/java.base/share/classes/java/util/jar/JarFile.java
View file

@ -152,6 +152,8 @@ public class JarFile extends ZipFile {
private static final boolean MULTI_RELEASE_ENABLED;
private static final boolean MULTI_RELEASE_FORCED;
private static final ThreadLocal<Boolean> isInitializing = new ThreadLocal<>();
// The maximum size of array to allocate. Some VMs reserve some header words in an array.
private static final int MAX_ARRAY_SIZE = Integer.MAX_VALUE - 8;
private SoftReference<Manifest> manRef;
private JarEntry manEntry;
@ -788,7 +790,11 @@ public class JarFile extends ZipFile {
*/
private byte[] getBytes(ZipEntry ze) throws IOException {
try (InputStream is = super.getInputStream(ze)) {
int len = (int)ze.getSize();
long uncompressedSize = ze.getSize();
if (uncompressedSize > MAX_ARRAY_SIZE) {
throw new OutOfMemoryError("Required array size too large");
}
int len = (int)uncompressedSize;
int bytesRead;
byte[] b;
// trust specified entry sizes when reasonably small