[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug classpath/23025] ObjectInputStream.read has ArrayIndexOutOfBounds a
|
From: |
gcc at pcedev dot com |
|
Subject: |
[Bug classpath/23025] ObjectInputStream.read has ArrayIndexOutOfBounds and incorrect return value |
|
Date: |
8 Feb 2006 21:33:19 -0000 |
There's some faulty logic in java.io.ObjectInputStream.read(byte[],int,int).
First, there is an assumption that the argument length is less than the size of
this.blockData. In fact, length could be many times the size of blockData, so
a loop is needed in this method. This error causes an
ArrayIndexOutOfBoundsException.
Second, the return value should be the number of bytes copied into data.
Instead it is length, which is decremented in the if block.
I have this error with JikesRVM using Classpath 0.15.
Attached are two files that demonstrate the bug:
% rvm SaveBytes
using file /tmp/test1120699003031.tmp
% rvm LoadBytes /tmp/test1120699003031.tmp
error at 132: breaks at 50 and 132
% java LoadBytes /tmp/test1120699003031.tmp
success
You can get the ArrayIndexOutOfBoundsException by editing LoadBytes to use a
larger third argument.
The read method is used when deserializing objects, which is how I discovered
the problem.
------- Comment #1 from from-classpath at savannah dot gnu dot org 2005-07-07
07:48 -------
I am attaching a diff of how I fixed this. I am not familiar with the original
code, so it may not be correct.
Actually, the read method is NOT used when deserializing objects. Thus, there
is another bug hiding somewhere, unfortunately.
--
gcc at pcedev dot com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gcc at pcedev dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23025
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug classpath/23025] ObjectInputStream.read has ArrayIndexOutOfBounds and incorrect return value,
gcc at pcedev dot com <=