ArrayIndexOutOfBoundsException in LexicalContext.java#inUnprotectedSwitchContext

Fri Aug 9 14:27:54 UTC 2019

Hi Anton,

Thanks for the report - that’s a really interesting one!

I’ll file a bug for it, but given that Nashorn is deprecated and this is part of the incomplete ES6 support I don’t think it will be deemed worthy of a 8u backport.

Hannes

> Am 09.08.2019 um 11:16 schrieb Anton Mitrofanov <mitrofanov at krista.ru>:
> 
> Hi.
> 
> We have encountered a bug in Nashorn with JDK8 u221. It can be reproduced by evaluation of this script with "jjs --language=es6":
> 
> {{{{{{{{{{{{{{{ let x; }}}}}}}}}}}}}}}
> 
> It results in "java.lang.ArrayIndexOutOfBoundsException: 16" output. It need exactly 15 curly braces to cause this bug.
> 
> And here is the patch to fix it:
> 
> diff -r 06eed83ab4cd src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/ir/LexicalContext.java
> --- a/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/ir/LexicalContext.java       Tue Aug 06 12:14:41 20>
> +++ b/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/ir/LexicalContext.java       Fri Aug 09 11:37:23 20>
> @@ -697,7 +697,7 @@
>      * @return {@code true} if in unprotected switch statement.
>      */
>     public boolean inUnprotectedSwitchContext() {
> -        for (int i = sp; i > 0; i--) {
> +        for (int i = sp - 1; i > 0; i--) {
>             final LexicalContextNode next = stack[i];
>             if (next instanceof Block) {
>                 return stack[i - 1] instanceof SwitchNode;
> 
> P.S. Can we expect that this bug will be fixed in JDK8 updates?
> 