JDK-8313765 : Invalid CEN header (invalid zip64 extra data field size)
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util.jar
  • Affected Version:
    11.0.20,11.0.20-oracle,17.0.8,17.0.8-oracle,21 11.0.20,11.0.20-oracle,17.0.8,17.0.8-oracle,21
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2023-08-04
  • Updated: 2024-01-23
  • Resolved: 2023-08-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 21 JDK 22
11.0.20.1Fixed 17.0.10-oracleFixed 21.0.1Fixed 22 b11Fixed
Related Reports
Duplicate :  
JDK-8315215 - Adding a manifest to an apk file corrupts the CEN header
Relates :  
JDK-8315215 - Adding a manifest to an apk file corrupts the CEN header
Relates :  
JDK-8314450 - ZipFile rejects ZIP file that some zip tools can parse without errors
Sub Tasks
JDK-8315828 :  
Release Note: Validations on ZIP64 Extra Fields - Resolved
Description
The following  ZipException may be thrown when the data contained in the CEN Extra fields are problematic:

      Invalid CEN header (invalid zip64 extra data field size)


The ZipException may occur due to:

 1. Some releases of Ant and commons-compress create CEN Zip64 extra headers with a size of 0 when Zip64 mode is required 
   - fixed in Commons-compress 1.11 (2016)  and  Ant 1.10.14 (2023).
 2. Extra field includes padding not included in the Extra data field headers
 3. The BND tool added problematic data to the extra field
    - fixed in BND 5.3 (2021) and  maven-bundle-plugin 5.1.5 which includes BND 5.3



The issue can demonstrated via the following ant script :

?xml version="1.0"?>
<project name="zip 64 jar test" basedir="." default="jar">
    <property name="jarFile"      value="test.jar"/>
    <property name="builddir"      value="classes"/>

    <target name="jar">
        <jar destfile="${jarFile}"
             zip64mode="always"
             basedir="${builddir}"/>
    </target>
</project>
Comments
The fix results in - Allowing for 0 length Extra headers as written by some tools - Handle padding in Extra fields not accounted for in the Extra header sizes An Exception will continue to be thrown for the BND bad data issue, the Exception now includes additional info in the Exception message
23-08-2023
11u/17u critical request We are releasing interim patchs for this fix: 17.0.8.1/11.0.20.1
22-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u/pull/376 Date: 2023-08-21 20:03:31 +0000
22-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u/pull/77 Date: 2023-08-21 20:05:53 +0000
21-08-2023
[~btaylor] Yes Ben , I had not created a PR for jdk21u , I see your PR , you can go ahead and push the fix once the fix is approved. Thanks.
21-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u/pull/72 Date: 2023-08-18 18:07:06 +0000
18-08-2023
@rreddy I don't see a PR for jdk21u, so I'll plan to create one unless you object. Contrary to your fix request, as far as I can tell, the backport is clean for jdk21u.
18-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk21/pull/173 Date: 2023-08-18 17:25:10 +0000
18-08-2023
Fix request (11u): Fixes a regression in zip behavior. Backport requires minimal changes as described on the PR. All tests in `test/jdk/java/util/zip` including those added in this commit are passing.
18-08-2023
Fix Request (21u) Fixes a regression where we are getting a Invalid CEN header even on positive cases in zip behaviour. Backport requires minimal changes. All tests in `test/jdk/java/util/zip` including those added in this commit are passing.
18-08-2023
Fix request (17u): Fixes a regression in zip behavior. Backport requires minimal changes as described on the PR. All tests in `test/jdk/java/util/zip` including those added in this commit are passing.
17-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2084 Date: 2023-08-17 02:16:27 +0000
17-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1670 Date: 2023-08-17 02:16:28 +0000
17-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk20u/pull/87 Date: 2023-08-17 02:16:29 +0000
17-08-2023
Changeset: 13f6450e Author: Lance Andersen <lancea@openjdk.org> Date: 2023-08-16 15:42:36 +0000 URL: https://git.openjdk.org/jdk/commit/13f6450e2e70df4df8bd882def837fbd5bef1524
16-08-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/15273 Date: 2023-08-14 14:52:00 +0000
14-08-2023