[jira] [Created] (OAK-8773) Some potential ArrayIndexOutOfBounds Exception

Mon, 18 Nov 2019 05:26:23 -0800 

Qian Chen created OAK-8773:
------------------------------

             Summary: Some potential ArrayIndexOutOfBounds Exception
                 Key: OAK-8773
                 URL: https://issues.apache.org/jira/browse/OAK-8773
             Project: Jackrabbit Oak
          Issue Type: Bug
            Reporter: Qian Chen


Hi all,
Our bug scanner has reported some potential ArrayIndexOutOfBounds bugs.

The first one ia at 
[DebugTimer.java#L60|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/DebugTimer.java#L60]
 since  there may be no element in the array. Some similar situations appear at 
[PropertiesUtil.java#L303|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/PropertiesUtil.java#L303]
 , 
[Profiler.java#L384|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Profiler.java#L384]
 , 
[CacheLIRS.java#L184|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L184]
 , 
[GenericDescriptors.java#L108|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/spi/descriptors/GenericDescriptors.java#L108]
 , 
[LikePattern.java#L156|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-query-spi/src/main/java/org/apache/jackrabbit/oak/spi/query/fulltext/LikePattern.java#L156]
 , 
[PrivilegeBits.java#L818|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java#L818]
 and 
[PrivilegeBits.java#L839|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java#L839]


The second one is at 
[JsopTokenizer.java#L369|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/json/JsopTokenizer.java#L369]
 since the index may not be in the valid range. Some similar situations are at 
JsopStream.java , from 
[Line35|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/json/JsopStream.java#L35]
 to 
[Line62|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/json/JsopStream.java#L62]
 ,  
[Line192|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/json/JsopStream.java#L192]
 to 
[Line325|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/json/JsopStream.java#L325]
 , 
[ManagementOperation.java#L335|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/commons/jmx/ManagementOperation.java#L335]
 , CacheLIRS.java 
[Line211|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L211]
 , 
[Line212|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L212]
 , 
[Line434|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L434]
 , 
[Line1156|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L1156]
 , 
[Line1157|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L1157]
 , 
[Line1186|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L1186]
 , 
[Line1191|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L1191]
 , 
[Line1307|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-core-spi/src/main/java/org/apache/jackrabbit/oak/cache/CacheLIRS.java#L1307]
 , 
[SubtreeEditor.java#L51|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-store-spi/src/main/java/org/apache/jackrabbit/oak/spi/commit/SubtreeEditor.java#L51]
 , LikePattern.java 
[Line48|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-query-spi/src/main/java/org/apache/jackrabbit/oak/spi/query/fulltext/LikePattern.java#L48]
 , 
[Line53|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-query-spi/src/main/java/org/apache/jackrabbit/oak/spi/query/fulltext/LikePattern.java#L53]
 , 
[Line117-118|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-query-spi/src/main/java/org/apache/jackrabbit/oak/spi/query/fulltext/LikePattern.java#L117]

The third is at PrivilegeBits.java 
[Line689|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java#L689]
 , 
[Line693|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java#L693]
 and 
[Line696|https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.18.0/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java#L696]
 since the index may be negative.

Thanks.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to