RFR: 8263509: LdapSchemaParser.readNextTag checks array length incorrectly
Aleksey Shipilev
shade at openjdk.java.net
Tue Mar 16 08:59:04 UTC 2021
On Fri, 12 Mar 2021 15:28:03 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
>> SonarCloud rightfully says:
>> The length of "values" is always ">=0", so update this test to either "==0" or ">0".
>>
>> // make sure at least one value was returned
>> if(values.length < 0) { // <--- here
>> throw new InvalidAttributeValueException("no values for " +
>> "attribute "" +
>> tagName + """);
>> }
>>
>> There is a subsequent access to values[0], which means the failure would throw `AIOOB`, not `InvalidAttributeValueException`.
>>
>> Additional testing:
>> - [x] Linux x86_64 fastdebug, `com/sun/jndi`
>
> Seems fine. Lets hope no caller relies on this throwing AIOOBE.
>
> ..Thomas
> This looks right but I'm surprised it isn't caught by tests (@AlekseiEfimov - do you have suggests for tests that would be useful to add here?)
Can we go without adding tests here? This seems quite trivial.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2968
More information about the core-libs-dev
mailing list