That's an interesting topic. From my understand, the length of an array
is of type "int". So normally, the (offset + length) should not be
great than integer.max_value. Of course, Hostile or improper code are
not of the case.
What's interesting to me is that may be when we do additive operation
On 5/26/2012 1:11 AM, Sean Mullan wrote:
>> That's my comment on specification. I may look into the implementation
>> update next Monday.
# KeyChecker.java, ConstraintsChecker.java
# PolicyChecker.java, ConstraintsChecker.java, minor comment:
public void check(Certificate cert, Collection unresC
Hi Security-dev,
Here's a patch for bug7172149, could anybody please help to take a look?
http://cr.openjdk.java.net/~luchsh/7172149/
The problem is that the range check in Signature.verify(byte[], int,
int) uses integer value to check whether (offset + length) is greater
than signature.length
Changeset: 60033ab79213
Author:littlee
Date: 2012-05-29 09:42 +0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/60033ab79213
7172177: test/java/util/TimeZone/DstTzTest.java failing on all platforms
Reviewed-by: alanb, okutsu
- test/java/util/TimeZone/DstTzTest.java
