infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-16 13:25:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

4853493: GZIPOutputStream passes a reference to a private array into an untrusted method

Browse Source 
Create a new header byte array for each header writeout

Reviewed-by: martin
This commit is contained in:
Xueming Shen 2010-05-17 16:18:13 -07:00
parent 6d1dc62ab1
commit da26b0d878
1 changed files with 12 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
jdk/src/share/classes/java/util/zip/GZIPOutputStream.java
View File

@ -179,22 +179,19 @@ class GZIPOutputStream extends DeflaterOutputStream {
/*
* Writes GZIP member header.
*/
private final static byte[] header = {
(byte) GZIP_MAGIC, // Magic number (short)
(byte)(GZIP_MAGIC >> 8), // Magic number (short)
Deflater.DEFLATED, // Compression method (CM)
0, // Flags (FLG)
0, // Modification time MTIME (int)
0, // Modification time MTIME (int)
0, // Modification time MTIME (int)
0, // Modification time MTIME (int)
0, // Extra flags (XFLG)
0 // Operating system (OS)
};
private void writeHeader() throws IOException {
out.write(header);
out.write(new byte[] {
(byte) GZIP_MAGIC, // Magic number (short)
(byte)(GZIP_MAGIC >> 8), // Magic number (short)
Deflater.DEFLATED, // Compression method (CM)
0, // Flags (FLG)
0, // Modification time MTIME (int)
0, // Modification time MTIME (int)
0, // Modification time MTIME (int)
0, // Modification time MTIME (int)
0, // Extra flags (XFLG)
0 // Operating system (OS)
});
}
/*