Relates :
|
|
Relates :
|
A zip file local header may be optionally followed by a "data descriptor", and that may optionally include a signature. ZipInputStream has code to handle the situation when the optional signature is missing, but it is buggy - off-by-one. webrev: http://cr.openjdk.java.net/~martin/webrevs/openjdk9/zip-DataDescriptorSignatureMissing/ /* * Local headers for DEFLATED entries may optionally be followed by a * data descriptor, and that data descriptor may optionally contain a * leading signature (EXTSIG). * * From the zip spec http://www.pkware.com/documents/casestudies/APPNOTE.TXT * * """Although not originally assigned a signature, the value 0x08074b50 * has commonly been adopted as a signature value for the data descriptor * record. Implementers should be aware that ZIP files may be * encountered with or without this signature marking data descriptors * and should account for either case when reading ZIP files to ensure * compatibility.""" * * As of 2014-08, python's zipfile implementation does not include the * optional signature, but other implementations (including openjdk) do. * * ZipFile.writestr writes incorrect extended local headers * http://bugs.python.org/issue1742205 */