[9] RFR 8163518: Integer overflow in StringBufferInputStream.read(byte[], int, int) and CharArrayReader.read(char[], int, int)

Aleksey Shipilev aleksey.shipilev at gmail.com
Wed Aug 10 19:54:04 UTC 2016


On 08/10/2016 10:40 PM, Aleksey Shipilev wrote:
> On 08/10/2016 08:55 PM, Ivan Gerasimov wrote:
>> http://cr.openjdk.java.net/~igerasim/8163518/01/webrev/
>>
>> Would you please help review it once again?
> 
> I wonder, shouldn't it be (n <= k) here:
> 
>  164             long k = count - pos;
>  165             if (n < k) {
>  166                 k = (n <= 0) ? 0 : n;
>  167             }
>  168             pos += k;
>  169             return k;
> 
> "k" is the max number of chars to skip. It should be possible to skip
> all remaining chars when (n == k), right?

Wait, the code confused me. Of course, when (n == k), we have a proper
"k" already. Suggestion: let's not be overly cunning, and do a clearly
understandable boundary recovery:

  long k = count - pos;
  if (n > k) { // overflow
      n = k;
  }
  if (n < 0) { // underflow
      n = 0;
  }
  pos += n;
  return n;

This is similar to other two changed pieces.

Thanks,
-Aleksey



More information about the core-libs-dev mailing list