⚡ Zip: don't trust "getSize"

punkeel · punkeel · commit e0674a74ed13 · 2017-04-23T20:17:18.000+02:00
This method may return "-1", or wrong values. Relying on it is
dangerous.
+ add a TODO item: limit the max file size? We don't want to hold more
than X MB in memory, do we?
diff --git a/module/module-zip/src/main/java/xyz/docbleach/module/zip/ArchiveBleach.java b/module/module-zip/src/main/java/xyz/docbleach/module/zip/ArchiveBleach.java
@@ -73,15 +73,17 @@ private void sanitizeFile(BleachSession session, ZipInputStream zipIn, ZipOutput
         ByteArrayOutputStream streamBuilder = new ByteArrayOutputStream();
 
         int bytesRead;
-        byte[] tempBuffer = new byte[(int) entry.getSize()];
+        // @TODO: check real file size?
+        byte[] tempBuffer = new byte[1024];
         while ((bytesRead = zipIn.read(tempBuffer)) != -1) {
             streamBuilder.write(tempBuffer, 0, bytesRead);
         }
-        ByteArrayOutputStream out = new ByteArrayOutputStream();
-
         ByteArrayInputStream bais = new ByteArrayInputStream(streamBuilder.toByteArray());
         CloseShieldInputStream is = new CloseShieldInputStream(new BufferedInputStream(bais));
 
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+
+
         try {
             session.sanitize(is, out);
         } catch (RecursionBleachException e) {
