On Mon, 17 May 2021 12:46:31 GMT, Fabian Meumertzheim <github.com+4312191+fm...@openjdk.org> wrote:
>> `sun.security.util.DerIndefLenConverter#convertBytes` does not perform >> sufficient checks after calling `#parseValue`, which can overflow `dataPos` >> or make it exceed `dataSize`. This can lead to an >> `ArrayIndexOutOfBoundsException`. >> >> The fix is to ensure `dataPos` is in the valid range `[0,dataSize]` after >> the call to `parseValue`. > > The referenced bug is > https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8267086, but for some > reason the reference is shown as not valid. @fmeum Did you want to re-open this PR request? I will have a look at the PR. ------------- PR: https://git.openjdk.java.net/jdk/pull/4058
