ArrayIndexOutOfBoundsException in LexicalContext.java#inUnprotectedSwitchContext

Fri Aug 9 09:16:43 UTC 2019

Hi.

We have encountered a bug in Nashorn with JDK8 u221. It can be reproduced by evaluation of this script with "jjs --language=es6":

{{{{{{{{{{{{{{{ let x; }}}}}}}}}}}}}}}

It results in "java.lang.ArrayIndexOutOfBoundsException: 16" output. It need exactly 15 curly braces to cause this bug.

And here is the patch to fix it:

diff -r 06eed83ab4cd src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/ir/LexicalContext.java

--- a/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/ir/LexicalContext.java       Tue Aug 06 12:14:41 20>
+++ b/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/ir/LexicalContext.java       Fri Aug 09 11:37:23 20>
@@ -697,7 +697,7 @@
      * @return {@code true} if in unprotected switch statement.
      */
     public boolean inUnprotectedSwitchContext() {
-        for (int i = sp; i > 0; i--) {
+        for (int i = sp - 1; i > 0; i--) {
             final LexicalContextNode next = stack[i];
             if (next instanceof Block) {
                 return stack[i - 1] instanceof SwitchNode;

P.S. Can we expect that this bug will be fixed in JDK8 updates?

