[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-classpath] [bug #13663] ObjectInputStream.read has ArrayIndexOutOfB
From: |
anonymous |
Subject: |
[bug-classpath] [bug #13663] ObjectInputStream.read has ArrayIndexOutOfBounds and incorrect return value |
Date: |
Thu, 7 Jul 2005 02:31:29 +0000 |
User-agent: |
Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.0 |
URL:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=13663>
Summary: ObjectInputStream.read has ArrayIndexOutOfBounds and
incorrect return value
Project: classpath
Submitted by: None
Submitted on: Wed 07/06/2005 at 22:31
Category: classpath
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Platform Version: None
_______________________________________________________
Details:
There's some faulty logic in java.io.ObjectInputStream.read(byte[],int,int).
First, there is an assumption that the argument length is less than the size
of this.blockData. In fact, length could be many times the size of blockData,
so a loop is needed in this method. This error causes an
ArrayIndexOutOfBoundsException.
Second, the return value should be the number of bytes copied into data.
Instead it is length, which is decremented in the if block.
I have this error with JikesRVM using Classpath 0.15.
Attached are two files that demonstrate the bug:
% rvm SaveBytes
using file /tmp/test1120699003031.tmp
% rvm LoadBytes /tmp/test1120699003031.tmp
error at 132: breaks at 50 and 132
% java LoadBytes /tmp/test1120699003031.tmp
success
You can get the ArrayIndexOutOfBoundsException by editing LoadBytes to use a
larger third argument.
The read method is used when deserializing objects, which is how I discovered
the problem.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 07/06/2005 at 22:31 Name: SaveBytes.java Size: 635B By: None
Creates a file filled with predictable bytes
<http://savannah.gnu.org/bugs/download.php?item_id=13663&item_file_id=2664>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=13663>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [bug-classpath] [bug #13663] ObjectInputStream.read has ArrayIndexOutOfBounds and incorrect return value,
anonymous <=