JDK-6352834 : Java Runtime reads attribute_length as a signed value
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 5.0
  • Priority: P5
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2005-11-18
  • Updated: 2012-10-08
  • Resolved: 2006-03-08
Fixed in: JDK 6 b75
Description
FULL PRODUCT VERSION :
java version "1.5.0_01"
Java (TM) 2 Runtime Environment, Standard Edition (build 1.5.0_01-b08)
Java HotSpot(TM) Client VM (build 1.5.0_01-b08, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
The runtime interprets large attribute_length values incorrectly. Values between 0x80000000 and 0xFFFFFFFF are considered negative.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1/ Compile a Test class containing a final field.
2/ Set the attribute_length to 0xFFFFFFFF in the ConstantValue attribute
3/ run Test

or
1/ Compile a Test2 class containing a final field
2/ replace "ConstantValue" with something else (any name not recognized by the VM)
3/ set the attribute_length to 0xFFFFFFF2 (-14)
4/ run Test2

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Exception in thread "main" java.lang.ClassFormatError: Truncated Class File for both Test and Test2
ACTUAL -
Exception in thread "main" java.lang.ClassFormatError: Invalid ConstantValue field attribute_length -1 in class file Test

and

Exception in thread "main" java.lang.ClassFormatError: Repetitive field name/signature in class file Test2

The latter shows another problem: the file pointer goes backwards when a negative attribute_length is read. In this case we go 14 bytes backwards, so that the same field is read again.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
No source code, manual editing required.
---------- END SOURCE ----------
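As an added illustration (not code from the report or from HotSpot), the following C walks one attribute_info header from a constructed byte buffer in two ways: reading attribute_length as a signed 32-bit value, which is the behaviour the report describes, and as the u4 the class file format specifies, compared unsigned against the bytes remaining. The function names `skip_attribute_signed` and `skip_attribute_unsigned`, the `skip_result` struct and the `SAMPLE` bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

static uint32_t read_u4(const uint8_t *p) {   /* big-endian u4, as the class file format specifies */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Cursor after the attribute (signed so a backwards move is visible) plus an accepted flag. */
typedef struct { long long next_pos; int accepted; } skip_result;

/* Buggy walk (the behaviour the report describes): attribute_length taken as a signed 32-bit
   value, so 0xFFFFFFF2 reads as -14, passes the bounds test and moves the cursor backwards. */
skip_result skip_attribute_signed(const uint8_t *buf, size_t size, size_t pos) {
    skip_result r = { (long long)pos, 0 };
    if (size < pos + 6) return r;                     /* header itself truncated */
    long long len = (int32_t)read_u4(buf + pos + 2);  /* sign bit honoured: the bug */
    if (len > (long long)(size - pos - 6)) return r;  /* "Truncated Class File" */
    r.accepted = 1;
    r.next_pos = (long long)pos + 6 + len;
    return r;
}

/* Fixed walk: attribute_length is a u4, compared unsigned against the bytes left. */
skip_result skip_attribute_unsigned(const uint8_t *buf, size_t size, size_t pos) {
    skip_result r = { (long long)pos, 0 };
    if (size < pos + 6) return r;
    uint32_t len = read_u4(buf + pos + 2);
    uint64_t remaining = size - pos - 6;
    if (len > remaining) {   /* printed with %u, never %d, so the message shows 4294967282 */
        fprintf(stderr, "Truncated Class File: attribute_length %u, %llu bytes left\n",
                (unsigned)len, (unsigned long long)remaining);
        return r;
    }
    r.accepted = 1;
    r.next_pos = (long long)pos + 6 + len;
    return r;
}

/* Constructed sample (assumption): one 8-byte field_info whose single attribute has
   attribute_name_index 7 and attribute_length 0xFFFFFFF2, then two spare bytes.
   Signed walk at offset 8: accepted, next_pos 0 (14 bytes back, to the start of the
   same field). Unsigned walk at offset 8: rejected, next_pos stays 8. */
static const uint8_t SAMPLE[] = {
    0x00,0x11, 0x00,0x05, 0x00,0x06, 0x00,0x01,  /* flags, name, descriptor, attributes_count */
    0x00,0x07, 0xFF,0xFF,0xFF,0xF2,              /* attribute_name_index, attribute_length */
    0x00,0x00
};
#define SAMPLE_ATTR_POS 8  /* offset of the attribute header inside SAMPLE */
```

The 14-byte backwards move in the signed walk is exactly the 8-byte field_info plus the 6-byte attribute header, which is why the parser then sees the same field name and descriptor a second time.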

Comments
EVALUATION The current 6.0 code verifies that the attribute length is 2 for a ConstantValue attribute, so the second test case is correctly rejected without an attempted redefinition. However, both tests result in messages that contain the invalid value represented as a signed value, where it should be represented as unsigned (this also goes for all the class file parsing error messages that contain an index value).
17-02-2006