jar: skip corrupt jar files #1049
Great stuff, thanks for the example jar. The change LGTM, it'd be great to have a test case around it. I'm thinking of either:
Thoughts?
Yup, very reasonable to have a test, I only didn't include one as I couldn't see any existing ones to extend covering error scenarios. I'm unsure if there's a freely available image containing the corrupt
I've added an integration test in the existing pattern. Passes for me locally, and fails without the code fix.
Great, thanks for adding that, it looks like the average CI time is no slower so LGTM, just going to check this flaky test isn't indicative of something in this patch...
Why not figure out how the jar is corrupted and create a jar in-test that's suitably mangled?
If you'd like that, I'd appreciate assistance as I fear it may take some time to pick through the zip specs and fiddling to get an equivalent manufactured recreate. My team has several other urgent priorities, so the time I can invest right now is limited. As the jar example in the description is a public DB2 sample, I think it could be used without licensing concerns, which may make reverse engineering to create an equivalent unnecessary.
Is there anything needed from me to make this mergeable? I'd like to get into the next release, as we have users affected by this.
So I opened up the offending jar in a hex editor (after finding it, the comment in the test is wrong) and found that the offset for the central directory footer somehow has the wrong offset: It's off by 3 bytes (for 3 entries, so I think the producer has an off-by-one error somewhere). I'll knock together some code to generate a similarly broken zip in the test. Here's an IPS patch to fix if you're interested:
Should be good to go.
LGTM, nice work debugging the corruption, just one question
Signed-off-by: Mark Frost <[email protected]>
Signed-off-by: Hank Donnay <[email protected]>
Some types of jar file corruption don't cause errors as soon as the file is opened with `archive/zip`, but only later when the scanner looks for specific zip entries. Currently the error causes the indexing to fail completely.

So: Log and skip any jar files where `archive/zip` errors with "not a zip file"

Example of a weirdly corrupt jar:
https://github.com/IBM/db2-samples/blob/master/repl/xmlpubtk/loadqueue/LoadQueue.jar
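
The failure mode from the description and the hex-editor comment, as an added Go example that is not the project's code or its test: it builds a three-entry jar in memory, shifts the central directory offset in the end-of-central-directory record by 3 bytes, and skips the jar when `archive/zip` reports a format error at open or at entry access. The function names, the sample contents and the direction of the 3-byte shift are assumptions.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io/fs"
)

// buildJar returns an in-memory jar with three stored entries (constructed data).
func buildJar() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range []string{"META-INF/MANIFEST.MF", "a.class", "b.class"} {
		f, _ := w.CreateHeader(&zip.FileHeader{Name: n, Method: zip.Store})
		f.Write([]byte("constructed sample data"))
	}
	w.Close()
	return buf.Bytes()
}

// shiftDirOffset copies jar and adds delta to the central directory offset (EOCD +16).
func shiftDirOffset(jar []byte, delta int32) []byte {
	out := append([]byte(nil), jar...)
	field := out[bytes.LastIndex(out, []byte("PK\x05\x06"))+16:]
	binary.LittleEndian.PutUint32(field, binary.LittleEndian.Uint32(field)+uint32(delta))
	return out
}

// scan reads the manifest. zip.ErrFormat can surface from NewReader or only from
// the entry read, depending on the Go version; both mean skip, not a failed index.
func scan(jar []byte) (manifest string, skip bool, err error) {
	r, err := zip.NewReader(bytes.NewReader(jar), int64(len(jar)))
	var b []byte
	if err == nil {
		b, err = fs.ReadFile(r, "META-INF/MANIFEST.MF")
	}
	if errors.Is(err, zip.ErrFormat) {
		return "", true, nil // caller logs and moves on to the next jar
	}
	return string(b), false, err
}

func main() {
	good := buildJar()
	fmt.Println(scan(good))
	fmt.Println(scan(shiftDirOffset(good, -3)))
}
```

Errors other than `zip.ErrFormat` are returned unchanged, so an I/O failure still fails the scan instead of being silently skipped.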