Bug 1412690

Summary: OpenJDK creates corrupt JAR files with zlib-1.2.10
Product: [Fedora] Fedora
Reporter: Mikolaj Izdebski <mizdebsk>
Component: java-1.8.0-openjdk
Assignee: Andrew John Hughes <ahughes>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: ahughes, dbhole, geiger.david68210, jerboaa, jvanek, mat.booth, msrb, omajid, praiskup
Last Closed: 2017-01-16 21:43:05 UTC
Type: Bug
Bug Blocks: 1409372    
Attachments: Reproducer (flags: none)

Description Mikolaj Izdebski 2017-01-12 14:58:22 UTC
Description of problem:
After upgrading zlib to 1.2.10 OpenJDK started to produce corrupt JAR files in some cases.

Version-Release number of selected component (if applicable):
java-1.8.0-openjdk-1.8.0.111-5.b16.fc26.x86_64
zlib-1.2.10-1.fc26.x86_64 (scratch build, see bug #1409372)

Steps to Reproduce:
1. javac Bug1411984.java
2. java Bug1411984
3. jar xf /tmp/foo.jar

Actual results:
java.util.zip.ZipException: invalid entry size (expected 104269 but got 98812 bytes)
	at java.util.zip.ZipInputStream.readEnd(ZipInputStream.java:384)
	at java.util.zip.ZipInputStream.read(ZipInputStream.java:196)
	at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:140)
	at sun.tools.jar.Main.extractFile(Main.java:1072)
	at sun.tools.jar.Main.extract(Main.java:981)
	at sun.tools.jar.Main.run(Main.java:311)
	at sun.tools.jar.Main.main(Main.java:1288)

Additional info:
zlib 1.2.10 is not yet in Fedora at the time of creating this bug. See bug #1409372.

Comment 1 Mikolaj Izdebski 2017-01-12 14:59:13 UTC
Created attachment 1239982
Reproducer

Comment 2 Pavel Raiskup 2017-01-12 15:46:55 UTC
Have you been able to diagnose whether this is a result of zlib's API misuse,
or is that something to be resolved in zlib upstream?

Comment 3 Andrew John Hughes 2017-01-12 17:08:53 UTC
I can look into this, but it will have to wait until after the imminent OpenJDK security update.

In the meantime, a possible workaround is to disable the use of the system zlib, so OpenJDK reverts to using its in-tree version.

Comment 4 Mikolaj Izdebski 2017-01-13 04:29:45 UTC
(In reply to Pavel Raiskup from comment #2)
> Have you been able to diagnose whether this is a result of zlib's API misuse,
> or is that something to be resolved in zlib upstream?

I don't know that, but I think that an OpenJDK bug is more likely.

Comment 5 David GEIGER 2017-01-16 19:29:33 UTC
Just for Info:

Tested on Mageia some java build with zlib 1.2.11 and now they successfully built \o/

Comment 6 Omair Majid 2017-01-16 21:43:05 UTC
zlib (http://www.zlib.net/) says that 1.2.10 is broken:

"""Due to the bug fixes, any installations of 1.2.9 or 1.2.10 should be immediately replaced with 1.2.11"""

So I am closing this because this appears to be a bug in zlib (which has been fixed) rather than in OpenJDK.
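
The "invalid entry size" failure from the description can be checked for in build output before a JAR is published. The following is an added example, not part of the bug report or its attached reproducer: it inflates every entry and compares the byte count and CRC-32 with the central directory. The names `verify_archive`, `make_sample` and `Foo.class` are hypothetical, and the sample archive is constructed in memory with a deliberately wrong recorded size.

```python
import io
import struct
import zipfile
import zlib

def verify_archive(data):
    """Inflate every entry and compare the byte count and CRC-32 with the
    central directory. Returns {entry name: problem}; empty means clean."""
    problems = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            size, crc = 0, 0
            try:
                with zf.open(info) as fh:
                    while chunk := fh.read(65536):
                        size += len(chunk)
                        crc = zlib.crc32(chunk, crc)
            except (zipfile.BadZipFile, zlib.error, EOFError) as exc:
                problems[info.filename] = f"unreadable: {exc}"
                continue
            if size != info.file_size:
                problems[info.filename] = (
                    f"invalid entry size (expected {info.file_size} "
                    f"but got {size} bytes)")
            elif crc != info.CRC:
                problems[info.filename] = "CRC-32 mismatch"
    return problems

def make_sample(size_delta=0):
    """Constructed single-entry archive (not the bug's reproducer);
    size_delta is added to the uncompressed size in the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Foo.class", b"constructed payload line\n" * 400)
    data = bytearray(buf.getvalue())
    # The end-of-central-directory record is the last 22 bytes (no comment);
    # its bytes 16..19 hold the offset of the central directory.
    (cd_offset,) = struct.unpack_from("<I", data, len(data) - 6)
    # The uncompressed size sits 24 bytes into the central directory header.
    (declared,) = struct.unpack_from("<I", data, cd_offset + 24)
    struct.pack_into("<I", data, cd_offset + 24, declared + size_delta)
    return bytes(data)

if __name__ == "__main__":
    for label, sample in (("clean", make_sample()),
                          ("corrupt", make_sample(5457))):
        print(label, verify_archive(sample) or "ok")
```

Python's own `ZipFile.testzip()` only compares CRCs, so it reports nothing for the constructed corrupt sample; the explicit size comparison is what flags it.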