Bug ID: JDK-8303866 Allow ZipInputStream.readEnd to parse small Zip64 ZIP files

Type: Enhancement
Component: core-libs
Sub-Component: java.util.jar
Affected Version: 21

Priority: P4
Status: Resolved
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2023-03-09
Updated: 2024-05-10
Resolved: 2024-02-13

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 23
23 b10Fixed

ZipInputStream.readEnd currently expects 8-byte size and csize fields in the data descriptor header if and only if the actually numbers of compressed or uncompressed bytes exceeds the Zip64 limit of 0XFFFFFFFF.

This prevents parsing of small zip64 entries, such as the ones created using:

echo hello | zip -fd > hello.zip

The APPNOTE.txt specification indicates that such files are valid, so ZipInputStream should be able to parse them:

When extracting, if the zip64 extended information extra 
field is present for the file the compressed and 
uncompressed sizes will be 8 byte values.

The solution is to update ZipOutputStream.readEnd to check for the presence of Zip64 extra information fields in the LOC.

I've confirmed that this fix also fixes JDK-8298530.
10-05-2024
Changeset: 628cd8a4 Author: Eirik Bjørsnøs <eirbjo@openjdk.org> Date: 2024-02-13 16:26:37 +0000 URL: https://git.openjdk.org/jdk/commit/628cd8a489fd54db18204c3bbaf4339d7ab5e9d6
13-02-2024
We need to hold off this issue until https://github.com/openjdk/jdk/pull/15650 has been integrated as it impacts some of the changes proposed by this issue
28-10-2023
This bug is affecting the library Apache Tomcat uses to automatically migrate web applications from Java EE to Jakarta EE. https://github.com/apache/tomcat-jakartaee-migration/issues/46
18-04-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/12524 Date: 2023-02-12 15:41:55 +0000
29-03-2023

Blocks :	JDK-8314891 - Additional Zip64 extra header validation
CSR :	JDK-8323583 - Allow ZipInputStream.readEnd to parse small Zip64 ZIP files
Duplicate :	JDK-8298530 - ZipInputStream.readEnd fails for certain ZIP64 archives with small files
Relates :	JDK-8298530 - ZipInputStream.readEnd fails for certain ZIP64 archives with small files
Relates :	JDK-7073588 - ZipInput/OutputStream handling of the data descriptor is wrong for big entries