On Wed, 7 Dec 2022 18:53:32 GMT, Alexander Zuev <[email protected]> wrote:
>> src/java.desktop/share/classes/com/sun/media/sound/SoftMainMixer.java line >> 166: >> >>> 164: break; >>> 165: } >>> 166: // >>> http://www.midi.org/about-midi/tuning_extens.shtml >> >> Unrelated to change, but looks like those links become unavailable years ago. > > Yes. That's the problem referencing the external site for information. > Unfortunately the documentation layout on midi site changed and one needs to > read trough all of it to figure out the correct path that both relates to the > midi-1.0 standard that we support and is not overwritten by some later > addendum making it non-informative. We might want to track this under some issue, if not done already. >> src/java.desktop/share/classes/com/sun/media/sound/SoftMainMixer.java line >> 406: >> >>> 404: int ix = 0; >>> 405: for (int j = 6; j < data.length - >>> 1; j += 2) { >>> 406: destinations[ix] = data[j] & >>> 0xFF; >> >> Here is another possible AIOOOBE >> >> e.g. if `data` length is 8, we will have `destination` and `ranges` length >> of 0: >> >> >> int[] data = new int[8]; >> >> System.out.println("data len " + data.length); >> if (data.length < 7) { >> System.out.println("Prevent"); >> return; >> } >> >> int newSize = (data.length - 7) / 2; >> System.out.println("new size " + newSize); >> >> int[] destinations = new int[newSize]; >> int[] ranges = new int[newSize]; >> int ix = 0; >> for (int j = 6; j < data.length - 1; j += 2) { >> System.out.println("index %d %d".formatted(j, ix) ); >> destinations[ix] = data[j] & 0xFF; >> System.out.println("index " + (j + 1)); >> ranges[ix] = data[j + 1] & 0xFF; >> ix++; >> } >> >> >> Same applies to similar cases below. > > Ok, i think there are 3 places total with this possibility when increment > goes by 2 so fixed them all. Length check won't help here: int[] data = new int[100]; if (data.length < 8) { return; } int[] destinations = new int[(data.length - 7) / 2]; int[] ranges = new int[(data.length - 7) / 2]; int ix = 0; for (int j = 6; j < data.length - 1; j += 2) { destinations[ix] = data[j] & 0xFF; ranges[ix] = data[j + 1] & 0xFF; ix++; } `Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 46 out of bounds for length 46` We might want to add more test cases to the test. ------------- PR: https://git.openjdk.org/jdk/pull/9016
