4853493: GZIPOutputStream passes a reference to a private array into an untrusted method

Summary: create a new header byte array for each header writeout
Reviewed-by: martin

src/share/classes/java/util/zip/GZIPOutputStream.java

@@ -179,22 +179,19 @@ class GZIPOutputStream extends DeflaterOutputStream {
     /*
      * Writes GZIP member header.
      */
-
-    private final static byte[] header = {
-        (byte) GZIP_MAGIC,                // Magic number (short)
-        (byte)(GZIP_MAGIC >> 8),          // Magic number (short)
-        Deflater.DEFLATED,                // Compression method (CM)
-        0,                                // Flags (FLG)
-        0,                                // Modification time MTIME (int)
-        0,                                // Modification time MTIME (int)
-        0,                                // Modification time MTIME (int)
-        0,                                // Modification time MTIME (int)
-        0,                                // Extra flags (XFLG)
-        0                                 // Operating system (OS)
-    };
-
     private void writeHeader() throws IOException {
-        out.write(header);
+        out.write(new byte[] {
+                      (byte) GZIP_MAGIC,        // Magic number (short)
+                      (byte)(GZIP_MAGIC >> 8),  // Magic number (short)
+                      Deflater.DEFLATED,        // Compression method (CM)
+                      0,                        // Flags (FLG)
+                      0,                        // Modification time MTIME (int)
+                      0,                        // Modification time MTIME (int)
+                      0,                        // Modification time MTIME (int)
+                      0,                        // Modification time MTIME (int)
+                      0,                        // Extra flags (XFLG)
+                      0                         // Operating system (OS)
+                  });
     }
 
     /*