Mercurial > hg > openjdk > icedtea > jdk7 > jdk
changeset 2538:1e0c3e864fb1
4853493: GZIPOutputStream passes a reference to a private array into an untrusted method
Summary: create a new header byte array for each header writeout
Reviewed-by: martin
| author | sherman |
|---|---|
| date | Mon, 17 May 2010 16:18:13 -0700 |
| parents | 43f83a2cf5b5 |
| children | b3466e2c3819 |
| files | src/share/classes/java/util/zip/GZIPOutputStream.java |
| diffstat | 1 files changed, 12 insertions(+), 15 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/util/zip/GZIPOutputStream.java Mon May 17 12:19:49 2010 -0700 +++ b/src/share/classes/java/util/zip/GZIPOutputStream.java Mon May 17 16:18:13 2010 -0700 @@ -179,22 +179,19 @@ /* * Writes GZIP member header. */ - - private final static byte[] header = { - (byte) GZIP_MAGIC, // Magic number (short) - (byte)(GZIP_MAGIC >> 8), // Magic number (short) - Deflater.DEFLATED, // Compression method (CM) - 0, // Flags (FLG) - 0, // Modification time MTIME (int) - 0, // Modification time MTIME (int) - 0, // Modification time MTIME (int) - 0, // Modification time MTIME (int) - 0, // Extra flags (XFLG) - 0 // Operating system (OS) - }; - private void writeHeader() throws IOException { - out.write(header); + out.write(new byte[] { + (byte) GZIP_MAGIC, // Magic number (short) + (byte)(GZIP_MAGIC >> 8), // Magic number (short) + Deflater.DEFLATED, // Compression method (CM) + 0, // Flags (FLG) + 0, // Modification time MTIME (int) + 0, // Modification time MTIME (int) + 0, // Modification time MTIME (int) + 0, // Modification time MTIME (int) + 0, // Extra flags (XFLG) + 0 // Operating system (OS) + }); } /*