Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify (original) (raw)
Jonathan Lu luchsh at linux.vnet.ibm.com
Tue May 29 05:53:11 UTC 2012
- Previous message (by thread): hg: jdk8/tl/jdk: 7172177: test/java/util/TimeZone/DstTzTest.java failing on all platforms
- Next message (by thread): Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Security-dev,
Here's a patch for bug7172149, could anybody please help to take a look? http://cr.openjdk.java.net/~luchsh/7172149/
The problem is that the range check in Signature.verify(byte[], int, int) uses integer value to check whether (offset + length) is greater than signature.length, but if (offset + length) overflows the check will fail and ArrayIndexOutOfBoundsException will be thrown instead of IllegalArgumentException.My proposed solution is to make a conversion to long in the if block.
Thanks!
- Jonathan
- Previous message (by thread): hg: jdk8/tl/jdk: 7172177: test/java/util/TimeZone/DstTzTest.java failing on all platforms
- Next message (by thread): Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]