JDK-2200109 : (porting) Bounds checks in io_util.c rely on undefined behaviour
  • Type: Backport
  • Backport of: JDK-6788196
  • Component: core-libs
  • Sub-Component: java.io
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2010-09-27
  • Updated: 2011-04-20
  • Resolved: 2011-04-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u25-rev b21Fixed 7Fixed
Comments
EVALUATION Please see the parent CR. Suggested Fix: --- a/src/share/native/java/io/io_util.c Wed Dec 10 14:03:15 2008 -0800 +++ b/src/share/native/java/io/io_util.c Tue Dec 23 20:07:06 2008 +0000 @@ -74,8 +74,7 @@ readBytes(JNIEnv *env, jobject this, jby } datalen = (*env)->GetArrayLength(env, bytes); - if ((off < 0) || (off > datalen) || - (len < 0) || ((off + len) > datalen) || ((off + len) < 0)) { + if ((off < 0) || (len < 0) || (len > (datalen - off))) { JNU_ThrowByName(env, "java/lang/IndexOutOfBoundsException", 0); return -1; } @@ -147,8 +146,7 @@ writeBytes(JNIEnv *env, jobject this, jb } datalen = (*env)->GetArrayLength(env, bytes); - if ((off < 0) || (off > datalen) || - (len < 0) || ((off + len) > datalen) || ((off + len) < 0)) { + if ((off < 0) || (len < 0) || (len > (datalen - off))) { JNU_ThrowByName(env, "java/lang/IndexOutOfBoundsException", 0); return; }
17-02-2011