Bug 1412690 - OpenJDK creates corrupt JAR files with zlib-1.2.10
Summary: OpenJDK creates corrupt JAR files with zlib-1.2.10
Alias: None
Product: Fedora
Classification: Fedora
Component: java-1.8.0-openjdk
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Andrew John Hughes
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 1409372
TreeView+ depends on / blocked
Reported: 2017-01-12 14:58 UTC by Mikolaj Izdebski
Modified: 2017-01-16 21:43 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-01-16 21:43:05 UTC
Type: Bug

Attachments (Terms of Use)
Reproducer (813 bytes, text/plain)
2017-01-12 14:59 UTC, Mikolaj Izdebski
no flags Details

Description Mikolaj Izdebski 2017-01-12 14:58:22 UTC
Description of problem:
After upgrading zlib to 1.2.10 OpenJDK started to produce corrupt JAR files in some cases.

Version-Release number of selected component (if applicable):
zlib-1.2.10-1.fc26.x86_64 (scratch build, see bug #1409372)

Steps to Reproduce:
1. javac Bug1411984.java
2. java Bug1411984
3. jar xf /tmp/foo.jar

Actual results:
java.util.zip.ZipException: invalid entry size (expected 104269 but got 98812 bytes)
	at java.util.zip.ZipInputStream.readEnd(ZipInputStream.java:384)
	at java.util.zip.ZipInputStream.read(ZipInputStream.java:196)
	at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:140)
	at sun.tools.jar.Main.extractFile(Main.java:1072)
	at sun.tools.jar.Main.extract(Main.java:981)
	at sun.tools.jar.Main.run(Main.java:311)
	at sun.tools.jar.Main.main(Main.java:1288)

Additional info:
zlib 1.2.10 is not yet in Fedora at the time of creating this bug. See bug #1409372.

Comment 1 Mikolaj Izdebski 2017-01-12 14:59:13 UTC
Created attachment 1239982 [details]

Comment 2 Pavel Raiskup 2017-01-12 15:46:55 UTC
Have you been able to diagnose whether this is result of zlib's API misuse,
or is that something to be resolved in zlib upstream?

Comment 3 Andrew John Hughes 2017-01-12 17:08:53 UTC
I can look into this, but it will have to wait until after the imminent OpenJDK security update.

In the meantime, a possible workaround is to disable the use of the system zlib, so OpenJDK reverts to using its in-tree version.

Comment 4 Mikolaj Izdebski 2017-01-13 04:29:45 UTC
(In reply to Pavel Raiskup from comment #2)
> Have you been able to diagnose whether this is result of zlib's API misuse,
> or is that something to be resolved in zlib upstream?

I don't know that, but I think that OpenJDK bug is more likely.

Comment 5 David GEIGER 2017-01-16 19:29:33 UTC
Just for Info:

Tested on Mageia some java build with zlib 1.2.11 and now they successfully built \o/

Comment 6 Omair Majid 2017-01-16 21:43:05 UTC
zlib (http://www.zlib.net/) says that 1.2.10 is broken:

"""Due to the bug fixes, any installations of 1.2.9 or 1.2.10 should be immediately replaced with 1.2.11"""

So I am closing this because this appears to be a bug in zlib (which as been fixed) rather than in OpenJDK.

Note You need to log in before you can comment on or make changes to this bug.