On Wed, 7 Dec 2022 21:15:30 GMT, Alexander Zuev <[email protected]> wrote:
>> Length check won't help here:
>>
>> ```java
>> int[] data = new int[100];
>> if (data.length < 8) {
>>     return;
>> }
>> int[] destinations = new int[(data.length - 7) / 2];
>> int[] ranges = new int[(data.length - 7) / 2];
>> int ix = 0;
>> for (int j = 6; j < data.length - 1; j += 2) {
>>     destinations[ix] = data[j] & 0xFF;
>>     ranges[ix] = data[j + 1] & 0xFF;
>>     ix++;
>> }
>> ```
>>
>> `Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index
>> 46 out of bounds for length 46`
>>
>>
>> We might want to add more test cases to the test.
>
>> Length check won't help here:
>
> I think the problem here is in the original code: the array allocation was
> reused across 3 places and it reserved buffers for ranges and destinations
> that should load up the remainder of the data from offset 7, but the first two
> places are trying to load data from offset 6, which causes a buffer overflow.
> The idea of my new fix here is to create proper buffers.
> We might want to add more test cases to the test.
That would be an extensive task. There is a set of tests being run by a third
party, and they are the ones who created the initial issue. I do not think it is
practical to bring all the cases they test here. That testing takes a very long
time.
-------------
PR: https://git.openjdk.org/jdk/pull/9016
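
The sizing mismatch discussed in this thread, as an added example that is not code from the PR or the JDK: it compares the quoted `(data.length - 7) / 2` allocation with the number of pairs the loop starting at offset 6 actually reads, and sizes the buffers from the loop bounds instead. The class and method names are hypothetical and the input arrays are constructed.

```java
// Added illustration; class and method names are hypothetical, not from the JDK.
public class PairBufferSizing {
    static final int START = 6; // first offset read by the quoted loop

    // Buffer size used in the quoted snippet (only reached when len >= 8).
    static int quotedCapacity(int len) {
        return (len - 7) / 2;
    }

    // Iteration count of: for (j = START; j < len - 1; j += 2)
    static int pairsRead(int len) {
        return len <= START + 1 ? 0 : (len - START) / 2;
    }

    // Same copy loop as the quoted snippet, with buffers sized from the loop bounds.
    static int[][] split(int[] data) {
        int n = pairsRead(data.length);
        int[] destinations = new int[n];
        int[] ranges = new int[n];
        int ix = 0;
        for (int j = START; j < data.length - 1; j += 2) {
            destinations[ix] = data[j] & 0xFF;
            ranges[ix] = data[j + 1] & 0xFF;
            ix++;
        }
        return new int[][] { destinations, ranges };
    }

    public static void main(String[] args) {
        // Sweep every length, not just one: the mismatch depends on parity.
        for (int len = 0; len <= 101; len++) {
            int[][] out = split(new int[len]); // constructed input
            if (out[0].length != pairsRead(len)) {
                throw new AssertionError("unexpected buffer size at len=" + len);
            }
        }
        // Boundary lengths, odd and even, showing where the quoted sizing falls short.
        for (int len : new int[] { 8, 9, 99, 100 }) {
            System.out.println("len=" + len
                    + " quotedCapacity=" + quotedCapacity(len)
                    + " pairsRead=" + pairsRead(len));
        }
    }
}
```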