JDK-5104086 : Some charset decoders don't handle buffer overflow correctly
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.nio.charsets
  • Affected Version: 6
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2004-09-18
  • Updated: 2014-09-30
  • Resolved: 2006-08-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6 b95Fixed
Related Reports
Relates :  
JDK-5101128 - (cs) CoderResult.isOverflow() returns false when UTF-16 overflows
Description
The following program

---------------------------------------------------
import java.util.*;
import java.nio.*;
import java.nio.charset.*;

public class DecoderOverflow {
    static int failures = 0;

    public static void main(String[] args) throws Exception {
	for (String csn : Charset.availableCharsets().keySet()) {
	    // The following 3 charsets are broken as of 2004-09-17
// 	    if (csn.equals("JIS_X0212-1990")) continue;
// 	    if (csn.equals("x-JIS0208"))      continue;
// 	    if (csn.equals("x-ISCII91"))      continue;
	    try {
		test(csn);
	    } catch (Throwable t) {
		System.out.println(csn);
		t.printStackTrace();
		failures++;
	    }
	}
	if (failures > 0)
	    throw new Exception(failures + " charsets failed");
    }

    static void test(String encoding) throws Exception {
	String text = "Vote for Duke!";
	Charset cs = Charset.forName(encoding);
	if (! cs.canEncode() || ! cs.newEncoder().canEncode('.')) return;
	ByteBuffer in = ByteBuffer.wrap(text.getBytes(encoding));
	CharBuffer out = CharBuffer.allocate(text.length()/2);
	CoderResult result = cs.newDecoder().decode(in, out, true);
	if (out.hasRemaining() || ! result.isOverflow())
	    throw new Exception
		("out.hasRemaining()=" + out.hasRemaining() +
		 " result.isOverflow()=" + result.isOverflow() +
		 " in.capacity()=" + in.capacity() +
		 " encoding=" + encoding);
    }
}
-----------------------------------------------------
fails as follows:

----------System.out:(3/35)----------
JIS_X0212-1990
x-ISCII91
x-JIS0208
----------System.err:(43/2680)----------
java.lang.Exception: out.hasRemaining()=true result.isOverflow()=false in.capacity()=14 encoding=JIS_X0212-1990
	at DecoderOverflow.test(DecoderOverflow.java:40)
	at DecoderOverflow.main(DecoderOverflow.java:21)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at com.sun.javatest.regtest.MainWrapper$MainThread.run(MainWrapper.java:83)
	at java.lang.Thread.run(Thread.java:595)
java.lang.ArrayIndexOutOfBoundsException: 7
	at sun.nio.cs.ext.ISCII91$Decoder.decodeArrayLoop(ISCII91.java:635)
	at sun.nio.cs.ext.ISCII91$Decoder.decodeLoop(ISCII91.java:782)
	at java.nio.charset.CharsetDecoder.decode(CharsetDecoder.java:542)
	at DecoderOverflow.test(DecoderOverflow.java:38)
	at DecoderOverflow.main(DecoderOverflow.java:21)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at com.sun.javatest.regtest.MainWrapper$MainThread.run(MainWrapper.java:83)
	at java.lang.Thread.run(Thread.java:595)
java.lang.Exception: out.hasRemaining()=true result.isOverflow()=false in.capacity()=14 encoding=x-JIS0208
	at DecoderOverflow.test(DecoderOverflow.java:40)
	at DecoderOverflow.main(DecoderOverflow.java:21)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at com.sun.javatest.regtest.MainWrapper$MainThread.run(MainWrapper.java:83)
	at java.lang.Thread.run(Thread.java:595)
Comments
EVALUATION no longer reproducible in latest mustang builds, need to remove these lines from test case DecoderOverflow.java
28-07-2006
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mustang
19-09-2004
PUBLIC COMMENTS Some charset decoders don't handle buffer overflow correctly. JIS_X0212-1990 x-ISCII91 x-JIS0208
19-09-2004
EVALUATION Found while testing fix for 5101128. When this bug is fixed, simply comment out the appropriate parts of the test case for that bug. Probably a failure to consider overflow during decodeloop. ###@###.### 2004-09-17
17-09-2004