[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-nio-dev
Subject: Re: RFR: 8222807: Address iteration with invalid ZIP header entries
From: Lance Andersen <lance.andersen () oracle ! com>
Date: 2019-05-20 11:16:32
Message-ID: 66C50BE3-5BE5-4EF0-AEC7-275907F72299 () oracle ! com
[Download RAW message or body]
Hi Christoph,
Thank you for the review.
> On May 20, 2019, at 2:58 AM, Langer, Christoph <christoph.langer@sap.com> wrote:
>
> Hi Lance,
>
> I checked the code and it looks good to me.
>
> The comment in the test (line 46) should probably be more like: "Validate that you \
> can iterate a ZIP file with invalid ZIP header entries".
Sure I can update that prior to pushing.
Best
lance
>
> Best regards
> Christoph
>
>
> From: nio-dev <nio-dev-bounces@openjdk.java.net \
> <mailto:nio-dev-bounces@openjdk.java.net>> On Behalf Of Lance \
> Andersen
> Sent: Samstag, 18. Mai 2019 22:59
> To: Claes Redestad <claes.redestad@oracle.com <mailto:claes.redestad@oracle.com>>
> Cc: nio-dev <nio-dev@openjdk.java.net <mailto:nio-dev@openjdk.java.net>>
> Subject: Re: RFR: 8222807: Address iteration with invalid ZIP header entries
>
> Hi Claes,
>
> Thank you for the feedback.
> On May 17, 2019, at 9:14 PM, Claes Redestad <claes.redestad@oracle.com \
> <mailto:claes.redestad@oracle.com>> wrote:
> Hi Lance,
>
> since needing to normalize should be very rare in practice it might be
> profitable to outline that case, see similar code in
> UnixFileSystem::normalize
>
> Per your suggestion, I made the change and it can be found at: \
> http://cr.openjdk.java.net/~lancea/8222807/webrev.01/index.html \
> <http://cr.openjdk.java.net/~lancea/8222807/webrev.01/index.html>
> Mach5 tier1, tier2 and tier3 runs are clean
>
>
>
> You introduced int len = path.length but then use path.length
> in most places.
>
> Thank you again.
>
> Best
> Lance
>
>
> /Claes
>
> On 2019-05-18 01:46, Lance Andersen wrote:
>
> Hi all.
> Please review the webrev for 8222807. This deals with ZIP header entries such as \
> "foo//". resulting in issues walking walking through a ZIP archive. The webrev can \
> be found at: http://cr.openjdk.java.net/~lancea/8222807/webrev.00/index.html \
> <http://cr.openjdk.java.net/~lancea/8222807/webrev.00/index.html>. I have verified \
> that the mach5 tier1, tier2, and tier3 tests all pass. Thank you and have a good \
> weekend. Best
> Lance
> <http://oracle.com/us/design/oracle-email-sig-198324.gif \
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>> \
> <http://oracle.com/us/design/oracle-email-sig-198324.gif \
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>><http://oracle.com/us/design/oracle-email-sig-198324.gif \
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>> \
> <http://oracle.com/us/design/oracle-email-sig-198324.gif \
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>>Lance Andersen| Principal \
> Member of Technical Staff | +1.781.442.2037 Oracle Java Engineering
> 1 Network Drive
> Burlington, MA 01803
> Lance.Andersen@oracle.com <mailto:Lance.Andersen@oracle.com> \
> <mailto:Lance.Andersen@oracle.com <mailto:Lance.Andersen@oracle.com>>
> <image001.gif> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
>
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance Andersen| Principal \
> Member of Technical Staff | +1.781.442.2037 Oracle Java Engineering
> 1 Network Drive
> Burlington, MA 01803
> Lance.Andersen@oracle.com <mailto:Lance.Andersen@oracle.com>
>
>
>
>
<http://oracle.com/us/design/oracle-email-sig-198324.gif>
<http://oracle.com/us/design/oracle-email-sig-198324.gif> \
<http://oracle.com/us/design/oracle-email-sig-198324.gif> \
<http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance Andersen| Principal \
Member of Technical Staff | +1.781.442.2037 Oracle Java Engineering
1 Network Drive
Burlington, MA 01803
Lance.Andersen@oracle.com <mailto:Lance.Andersen@oracle.com>
[Attachment #3 (multipart/related)]
[Attachment #5 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html \
charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
-webkit-line-break: after-white-space;" class="">Hi Christoph,<div class=""><br \
class=""></div><div class="">Thank you for the review.<br class=""><div><blockquote \
type="cite" class=""><div class="">On May 20, 2019, at 2:58 AM, Langer, Christoph \
<<a href="mailto:christoph.langer@sap.com" \
class="">christoph.langer@sap.com</a>> wrote:</div><br \
class="Apple-interchange-newline"><div class=""><div class="WordSection1" \
style="page: WordSection1; font-family: Helvetica; font-size: 15px; font-style: \
normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; \
text-align: start; text-indent: 0px; text-transform: none; white-space: normal; \
word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
class="">Hi Lance,<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" \
class="">I checked the code and it looks good to me.<o:p \
class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; \
font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><o:p \
class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: \
11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">The \
comment in the test (line 46) should probably be more like: "Validate that you can \
iterate a ZIP file with invalid ZIP header \
entries".</span></div></div></div></blockquote><div><br class=""></div>Sure I can \
update that prior to pushing.</div><div><br \
class=""></div><div>Best</div><div>lance<br class=""><blockquote type="cite" \
class=""><div class=""><div class="WordSection1" style="page: WordSection1; \
font-family: Helvetica; font-size: 15px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px;"><div style="margin: 0cm 0cm 0.0001pt; font-size: \
11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><o:p \
class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; \
font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><o:p \
class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: \
11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Best \
regards<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" \
class="">Christoph<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
lang="EN-US" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm \
0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
lang="EN-US" class=""><o:p class=""> </o:p></span></div><div class=""><div \
style="border-style: solid none none; border-top-width: 1pt; border-top-color: \
rgb(225, 225, 225); padding: 3pt 0cm 0cm;" class=""><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b \
class=""><span lang="EN-US" class="">From:</span></b><span lang="EN-US" \
class=""><span class="Apple-converted-space"> </span>nio-dev <<a \
href="mailto:nio-dev-bounces@openjdk.java.net" style="color: purple; text-decoration: \
underline;" class="">nio-dev-bounces@openjdk.java.net</a>><span \
class="Apple-converted-space"> </span><b class="">On Behalf Of<span \
class="Apple-converted-space"> </span></b>Lance Andersen<br class=""><b \
class="">Sent:</b><span class="Apple-converted-space"> </span>Samstag, 18. Mai \
2019 22:59<br class=""><b class="">To:</b><span \
class="Apple-converted-space"> </span>Claes Redestad <<a \
href="mailto:claes.redestad@oracle.com" style="color: purple; text-decoration: \
underline;" class="">claes.redestad@oracle.com</a>><br class=""><b \
class="">Cc:</b><span class="Apple-converted-space"> </span>nio-dev <<a \
href="mailto:nio-dev@openjdk.java.net" style="color: purple; text-decoration: \
underline;" class="">nio-dev@openjdk.java.net</a>><br class=""><b \
class="">Subject:</b><span class="Apple-converted-space"> </span>Re: RFR: \
8222807: Address iteration with invalid ZIP header entries<o:p \
class=""></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p \
class=""> </o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; \
font-family: Calibri, sans-serif;" class="">Hi Claes,<o:p class=""></o:p></div><div \
class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, \
sans-serif;" class=""><o:p class=""> </o:p></div></div><div style="margin: 0cm \
0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Thank you \
for the feedback.<o:p class=""></o:p></div><div class=""><blockquote \
style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class="">On May 17, 2019, at 9:14 PM, Claes Redestad <<a \
href="mailto:claes.redestad@oracle.com" style="color: purple; text-decoration: \
underline;" class="">claes.redestad@oracle.com</a>> wrote:<o:p \
class=""></o:p></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; \
font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div \
class=""><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; \
font-family: Calibri, sans-serif;" class="">Hi Lance,<br class=""><br class="">since \
needing to normalize should be very rare in practice it might be<br \
class="">profitable to outline that case, see similar code in<br \
class="">UnixFileSystem::normalize<o:p \
class=""></o:p></div></div></div></blockquote><div class=""><div style="margin: 0cm \
0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p \
class=""> </o:p></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: \
11pt; font-family: Calibri, sans-serif;" class="">Per your suggestion, I made the \
change and it can be found at: <a \
href="http://cr.openjdk.java.net/~lancea/8222807/webrev.01/index.html" style="color: \
purple; text-decoration: underline;" \
class="">http://cr.openjdk.java.net/~lancea/8222807/webrev.01/index.html</a><o:p \
class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p \
class=""> </o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class="">Mach5 tier1, tier2 and \
tier3 runs are clean<o:p class=""></o:p></div></div><div class=""><div style="margin: \
0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><br \
class=""><br class=""><o:p class=""></o:p></div><blockquote style="margin-top: 5pt; \
margin-bottom: 5pt;" class=""><div class=""><div class=""><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><br \
class="">You introduced int len = path.length but then use path.length<br class="">in \
most places.<o:p class=""></o:p></div></div></div></blockquote><div class=""><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><o:p class=""> </o:p></div></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class="">Thank you again.<o:p \
class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p \
class=""> </o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class="">Best<o:p \
class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class="">Lance<br class=""><br \
class=""><o:p class=""></o:p></div><blockquote style="margin-top: 5pt; margin-bottom: \
5pt;" class=""><div class=""><div class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><br class="">/Claes<br \
class=""><br class="">On 2019-05-18 01:46, Lance Andersen wrote:<br class=""><br \
class=""><o:p class=""></o:p></div><blockquote style="margin-top: 5pt; margin-bottom: \
5pt;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: \
Calibri, sans-serif;" class="">Hi all.<br class="">Please review the webrev \
for 8222807. This deals with ZIP header entries such as "foo//". \
resulting in issues walking walking through a ZIP archive.<br class="">The webrev can \
be found at:<span class="Apple-converted-space"> </span><a \
href="http://cr.openjdk.java.net/~lancea/8222807/webrev.00/index.html" style="color: \
purple; text-decoration: underline;" \
class="">http://cr.openjdk.java.net/~lancea/8222807/webrev.00/index.html</a>.<br \
class="">I have verified that the mach5 tier1, tier2, and tier3 tests all pass.<br \
class="">Thank you and have a good weekend.<br class="">Best<br class="">Lance<br \
class=""><<a href="http://oracle.com/us/design/oracle-email-sig-198324.gif" \
style="color: purple; text-decoration: underline;" \
class="">http://oracle.com/us/design/oracle-email-sig-198324.gif</a>><br \
class=""><<a href="http://oracle.com/us/design/oracle-email-sig-198324.gif" \
style="color: purple; text-decoration: underline;" \
class="">http://oracle.com/us/design/oracle-email-sig-198324.gif</a>><<a \
href="http://oracle.com/us/design/oracle-email-sig-198324.gif" style="color: purple; \
text-decoration: underline;" \
class="">http://oracle.com/us/design/oracle-email-sig-198324.gif</a>><br \
class=""><<a href="http://oracle.com/us/design/oracle-email-sig-198324.gif" \
style="color: purple; text-decoration: underline;" \
class="">http://oracle.com/us/design/oracle-email-sig-198324.gif</a>>Lance \
Andersen| Principal Member of Technical Staff | +1.781.442.2037<br \
class="">Oracle Java Engineering<br class="">1 Network Drive<br \
class="">Burlington, MA 01803<br class=""><a href="mailto:Lance.Andersen@oracle.com" \
style="color: purple; text-decoration: underline;" \
class="">Lance.Andersen@oracle.com</a><span \
class="Apple-converted-space"> </span><<a \
href="mailto:Lance.Andersen@oracle.com" style="color: purple; text-decoration: \
underline;" class="">mailto:Lance.Andersen@oracle.com</a>><o:p \
class=""></o:p></div></blockquote></div></div></blockquote></div><div style="margin: \
0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p \
class=""> </o:p></div><div class=""><div class=""><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
class="apple-style-span"><span style="font-size: 12pt; font-family: Verdana, \
sans-serif; color: rgb(102, 102, 102);" class=""><a \
href="http://oracle.com/us/design/oracle-email-sig-198324.gif" style="color: purple; \
text-decoration: underline;" class=""><span style="text-decoration: none;" \
class=""><span id="cid:image001.gif@01D50EEA.1F60C770"><image001.gif></span></span></a></span></span><span \
class="apple-style-span"><span style="font-size: 12pt; font-family: Verdana, \
sans-serif; color: rgb(102, 102, 102);" class=""><o:p \
class=""></o:p></span></span></div><div class=""><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
style="font-size: 13.5pt; font-family: Helvetica, sans-serif;" class=""><a \
href="http://oracle.com/us/design/oracle-email-sig-198324.gif" style="color: purple; \
text-decoration: underline;" class=""><br class=""></a></span><span style="font-size: \
12pt; font-family: Verdana, sans-serif; color: rgb(102, 102, 102);" class="">Lance \
Andersen| Principal Member of Technical Staff | +1.781.442.2037<br \
class=""></span><span style="font-size: 12pt; font-family: Verdana, sans-serif; \
color: red;" class="">Oracle</span><span style="font-size: 12pt; font-family: \
Verdana, sans-serif; color: rgb(102, 102, 102);" class=""> Java \
Engineering <br class="">1 Network Drive <br class="">Burlington, MA \
01803<br class=""></span><span style="font-size: 13.5pt; font-family: Helvetica, \
sans-serif;" class=""><a href="mailto:Lance.Andersen@oracle.com" style="color: \
purple; text-decoration: underline;" class=""><span style="font-size: 12pt; \
font-family: Verdana, sans-serif;" \
class="">Lance.Andersen@oracle.com</span></a></span><span style="font-size: 13.5pt; \
font-family: Helvetica, sans-serif;" class=""><o:p \
class=""></o:p></span></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: \
12pt; font-family: Helvetica, sans-serif;" class=""><o:p \
class=""> </o:p></span></div></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: \
12pt; font-family: Verdana, sans-serif; color: rgb(102, 102, 102);" class=""><br \
class=""><br class=""></span><o:p class=""></o:p></div></div></div><div \
style="border-style: none none none solid; border-left-width: 1.5pt; \
border-left-color: blue; padding: 0cm 0cm 0cm 4pt;" class=""><div class=""><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><o:p class=""> </o:p></div></div></div></div></div></blockquote></div><br \
class=""><div class=""> <div class=""><span class="Apple-style-span" \
style="border-collapse: separate; border-spacing: 0px; "><span \
class="Apple-style-span" style="color: rgb(102, 102, 102); font-family: Verdana, \
Arial, Helvetica, sans-serif; font-size: small; "><a \
href="http://oracle.com/us/design/oracle-email-sig-198324.gif" class=""><span><img \
apple-inline="yes" id="4785242B-8208-44FA-8719-3A2E41DF360B" \
src="cid:E1C4E2F0-ECD0-4C9D-ADB4-B16CA7BCB7FC@home" class=""></span></a><div \
style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: \
normal; font-variant: normal; font-weight: normal; letter-spacing: normal; \
line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; \
text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; \
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; " class=""><a \
href="http://oracle.com/us/design/oracle-email-sig-198324.gif" class=""><span \
class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; \
"><span class="Apple-style-span" style="color: rgb(102, 102, 102); font-family: \
Verdana, Arial, Helvetica, sans-serif; font-size: small; "></span></span></a><a \
href="http://oracle.com/us/design/oracle-email-sig-198324.gif" class=""><span \
</span></span></div>
</div><br class=""></div></body></html>
["oracle_sig_logo.gif" (oracle_sig_logo.gif)]
GIF89ar�������00`` \
PPpp@@�����������������������������������������������!������,����r����� \
$dihlp,t-� ��pX�t 79��̑h (Pxx`p'b^ E�ȦA�
�8
@"����[m}g�df_�Z% b'����Xx-s�
��k�������e^ ��q`�%���?w�y+�_����Ɛ��*�(�n&
x�p�s,)^1|�R-Į*_%
_���[_HB �ݦ͋8�AC�\�T M C~|��p��>@e�;����� \
2@YU �^|@A�Rgތ DBK%�hԙj$p9R��4 \
�,��OɥؘbA�s�i˞M��lv5:PJEG��P/X]�E$�@/R(Y% (b�8 \
�J`I&qBmzQ�!5�#JjF%7�{MϛÕ�@�`�N�DD@��Q@�$@ \
�d�E� ~��mϿ��(��h�&��6�F(� ���;
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic