JDK-8011645 : CopyOnWriteArrayList.COWSubList.subList does not validate range properly
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util.concurrent
  • Affected Version: 7,8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2013-04-05
  • Updated: 2016-08-26
  • Resolved: 2014-01-31
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
8u20Fixed 9 b03Fixed
Related Reports
Duplicate :  
CopyOnWriteArrayList.COWSubList does not validate its args to the same extent as, for example, ArrayList.SubList. Specifically, it does not check if the from index is greater than the to index. Suggestion is to add a subListRangeCheck method like in ArrayList.SubList and use it for validation. 

Issue reported by Arne Siegel <v.a.ammodytes@googlemail.com>
Failed JCK test: api/java_util/concurrent/CopyOnWriteArrayList/index.html#CopyOnWriteArrayList[testSubList3_IndexOutOfBoundsException]

There is a very minor issue with CopyOnWriteArrayList.COWSubList.subList. It does not check that the fromIndex is less that the toIndex. Suggested fix: diff --git a/src/share/classes/java/util/concurrent/CopyOnWriteArrayList.java b/src/share/classes/java/util/concurrent/CopyOnWriteArrayList.java --- a/src/share/classes/java/util/concurrent/CopyOnWriteArrayList.java +++ b/src/share/classes/java/util/concurrent/CopyOnWriteArrayList.java @@ -1400,7 +1400,7 @@ lock.lock(); try { checkForComodification(); - if (fromIndex < 0 || toIndex > size) + if (fromIndex < 0 || toIndex > size || fromIndex > toIndex) throw new IndexOutOfBoundsException(); return new COWSubList<E>(l, fromIndex + offset, toIndex + offset); Trivial test to demonstrate the problem: public class COWSubList { public static void main(String[] args) { List<String> list = new CopyOnWriteArrayList<>(); //List<String> list = new ArrayList<>(); list.add("A"); list.add("B"); list.add("C"); list.add("D"); list.add("E"); list.subList(0, 5).subList(4, 3); } }

Because CopyOnWriteArrayList.COWSubList constructor is invoked from only two methods, each of which must perform validation anyway, the constructor relies on the callers to check parameters. I can imagine some reasons to change this if the number or kinds of callers were increased. But as it stands, not.

As this is a P4 then I assume it not critical for jdk8 so I'm changing the fixVersion to tdb_*. We can change it later once we know if there is a patch in Doug's CVS.

This needs to be brought up on the concurrency-interest list.