Mercurial > hg > openjdk > icedtea > jdk7 > jdk
changeset 5010:e3790f3ce50a jdk7u3-b02
7118283: Better input parameter checking in zip file processing
Summary: Fixed off-by-one bug in zip_util.c
Reviewed-by: asaha
author | sherman |
---|---|
date | Mon, 05 Dec 2011 21:01:03 -0800 |
parents | f6c918c35c00 |
children | 077eec16bb82 |
files | src/share/native/java/util/zip/zip_util.c test/java/util/zip/ZipFile/VmCrash.java test/java/util/zip/ZipFile/vmcrash.zip |
diffstat | 3 files changed, 48 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/native/java/util/zip/zip_util.c Fri Dec 02 10:44:11 2011 +0400 +++ b/src/share/native/java/util/zip/zip_util.c Mon Dec 05 21:01:03 2011 -0800 @@ -521,7 +521,7 @@ { jint count = 0; ptrdiff_t i; - for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i)) + for (i = 0; i + CENHDR <= end - beg; i += CENSIZE(beg + i)) count++; return count; }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/util/zip/ZipFile/VmCrash.java Mon Dec 05 21:01:03 2011 -0800 @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + @bug 7118283 + @summary Test if a corrupted zip file crashes VM + */ + +import java.util.zip.*; +import java.io.*; +import java.util.*; + +public class VmCrash { + public static void main(String[] argv) throws Exception { + try { + ZipFile zf = new ZipFile(new File(System.getProperty("test.src","."), + "vmcrash.zip")); + for (Enumeration e = zf.entries(); e.hasMoreElements();) { + System.out.println(e.nextElement()); + } + throw new RuntimeException("Corrupted zip read without exception"); + } catch (ZipException ex) { + System.out.println("expected ZipException:"); + //ex.printStackTrace(); + } + } +}