Versions Compared

...

In this compliant solution, the code inside the while loop uses ZipEntry.getSize() to find the uncompressed file size of each entry in a zip archive before extracting the entry. It throws an exception if the entry to be extracted is too large (100MB in this case).

static final int TOOBIG = 0x6400000; // 100MB

  // ...

  // write the files to the disk, -but only if file is not insanely big
  const int TOOBIG = 0x6400000; // 100MB
  if (entry.getSize() > TOOBIG) {
    throw new RuntimeException("File to be unzipped is huge.");
  }
  if (entry.getSize() == -1) {
    throw new RuntimeException("File to be unzipped might be huge.");
  }
  FileOutputStream fos = new FileOutputStream(entry.getName());
  dest = new BufferedOutputStream(fos, BUFFER);
  while ((count = zis.read(data, 0, BUFFER)) != -1) {
    dest.write(data, 0, count);
  }
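
Review bot: the local declaration `const int TOOBIG = 0x6400000;` just above the size check is not valid Java (`const` is a reserved word with no use in the language), and TOOBIG is also declared as `static final int` at the top of the block; only the `static final` form should remain. Separately, `new FileOutputStream(entry.getName())` takes the archive-supplied entry name as the output path with no validation in the visible lines, so the name should be normalized and confined to the intended extraction directory before the file is opened.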

...
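
An added example (not code from the original page) that goes one step beyond the declared-size check above: ZipEntry.getSize() reports the size recorded in the archive, or -1 when it is not known up front, so this version also counts the bytes actually inflated and stops at the limit. The class name BoundedUnzip, the helper copyBounded, and the in-memory sample archive are assumptions made for illustration.

```java
import java.io.*;
import java.util.zip.*;

public class BoundedUnzip {
    static final int BUFFER = 512;
    static final long TOOBIG = 0x6400000; // 100MB, same limit as the page

    // Copies one entry to out, enforcing the limit on bytes actually
    // inflated rather than only on the size recorded in the archive.
    static long copyBounded(ZipInputStream zis, ZipEntry entry,
                            OutputStream out, long limit) throws IOException {
        if (entry.getSize() > limit) { // cheap early reject on the declared size
            throw new IOException("Declared size exceeds limit: " + entry.getName());
        }
        byte[] data = new byte[BUFFER];
        long total = 0;
        int count;
        while ((count = zis.read(data, 0, BUFFER)) != -1) {
            total += count;
            if (total > limit) { // checked before writing, so output never exceeds limit
                throw new IOException("Inflated size exceeds limit: " + entry.getName());
            }
            out.write(data, 0, count);
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 1 MB of zeros, which deflates to a tiny archive.
        // ZipOutputStream streams the entry, so ZipInputStream reports
        // getSize() == -1 for it before the data has been read.
        ByteArrayOutputStream archive = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(archive)) {
            zos.putNextEntry(new ZipEntry("zeros.bin"));
            zos.write(new byte[1 << 20]);
            zos.closeEntry();
        }
        long[] limits = { TOOBIG, 64 * 1024 }; // page's limit, then a small demo limit
        for (long limit : limits) {
            try (ZipInputStream zis = new ZipInputStream(
                    new ByteArrayInputStream(archive.toByteArray()))) {
                ZipEntry entry = zis.getNextEntry();
                System.out.println("declared=" + entry.getSize() + " limit=" + limit);
                // Sink is an in-memory stream here; real extraction writes to a file.
                long n = copyBounded(zis, entry, new ByteArrayOutputStream(), limit);
                System.out.println("extracted " + n + " bytes");
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```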