On Mon, 12 Jul 2021 17:52:58 GMT, Xue-Lei Andrew Fan wrote:
>> The referenced bug is
>> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8267086, but for some
>> reason the reference is shown as not valid.
>
> @fmeum Did you want to re-open this PR request? I will have a look at the PR.
@
Hi Sean,
On Thu, May 27, 2021 at 2:35 PM Sean Mullan wrote:
> Hi Fabian,
>
> Thanks for posting this and your interest in helping to test and improve
> the quality of the Java core libraries. One comment/request below:
>
> On 5/17/21 9:09 AM, Fabian Meumertzheim wrote:
>
&
(Crosspost from core-libs-dev@:
https://mail.openjdk.java.net/pipermail/core-libs-dev/2021-May/077483.html)
I'm one of the maintainers of Jazzer (
https://github.com/CodeIntelligenceTesting/jazzer), a new open-source
fuzzer for the JVM platform. Jazzer has recently been integrated into
Google's OS
On Mon, 17 May 2021 12:33:53 GMT, Fabian Meumertzheim
wrote:
> `sun.security.util.DerIndefLenConverter#convertBytes` does not perform
> sufficient checks after calling `#parseValue`, which can overflow `dataPos`
> or make it exceed `dataSize`. This can l
`sun.security.util.DerIndefLenConverter#convertBytes` does not perform
sufficient checks after calling `#parseValue`, which can overflow `dataPos` or
make it exceed `dataSize`. This can lead to an `ArrayIndexOutOfBoundsException`.
The fix is to ensure `dataPos` is in the valid range `[0,dataSize