Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify (original) (raw)

Jonathan Lu luchsh at linux.vnet.ibm.com
Tue May 29 05:53:11 UTC 2012

• Previous message (by thread): hg: jdk8/tl/jdk: 7172177: test/java/util/TimeZone/DstTzTest.java failing on all platforms
• Next message (by thread): Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Security-dev,

Here's a patch for bug7172149, could anybody please help to take a look? http://cr.openjdk.java.net/~luchsh/7172149/

The problem is that the range check in Signature.verify(byte[], int, int) uses integer value to check whether (offset + length) is greater than signature.length, but if (offset + length) overflows the check will fail and ArrayIndexOutOfBoundsException will be thrown instead of IllegalArgumentException.My proposed solution is to make a conversion to long in the if block.

Thanks!

• Jonathan

• Previous message (by thread): hg: jdk8/tl/jdk: 7172177: test/java/util/TimeZone/DstTzTest.java failing on all platforms
• Next message (by thread): Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the security-dev mailing list