Code review request for 7172149 ArrayIndexOutOfBoundsException from Signature.verify
Jonathan Lu
luchsh at linux.vnet.ibm.com
Tue May 29 05:53:11 UTC 2012
Hi Security-dev,
Here's a patch for bug 7172149; could anybody please help to take a look?
http://cr.openjdk.java.net/~luchsh/7172149/
The problem is that the range check in Signature.verify(byte[], int,
int) uses an integer value to check whether (offset + length) is greater
than signature.length, but if (offset + length) overflows the check will
fail and ArrayIndexOutOfBoundsException will be thrown instead of
IllegalArgumentException. My proposed solution is to make a conversion
to long in the if block.
Thanks!
- Jonathan
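
Added example (not part of the original message and not the JDK source): a Java model of the range check described above, comparing the int addition with the conversion to long that the message proposes and with an equivalent subtraction form. The class name, method names, the negative-argument tests and the 64-byte array are assumptions made for illustration.

```java
public class RangeCheckDemo {
    // Model of the check as described: (offset + length) is evaluated in int,
    // so a large pair wraps to a negative sum and is not rejected.
    static boolean intCheckRejects(byte[] sig, int offset, int length) {
        return sig == null || offset < 0 || length < 0
                || offset + length > sig.length;
    }

    // The proposed approach: widen to long before adding, so the sum cannot wrap.
    static boolean longCheckRejects(byte[] sig, int offset, int length) {
        return sig == null || offset < 0 || length < 0
                || (long) offset + (long) length > sig.length;
    }

    // Equivalent form without widening: once offset is known to lie in
    // [0, sig.length], sig.length - offset cannot overflow.
    static boolean subtractCheckRejects(byte[] sig, int offset, int length) {
        return sig == null || offset < 0 || length < 0
                || offset > sig.length || length > sig.length - offset;
    }

    public static void main(String[] args) {
        byte[] sig = new byte[64]; // constructed stand-in for a signature buffer
        int[][] cases = {          // constructed (offset, length) pairs
            {0, 64},                 // exactly fits
            {64, 0},                 // empty range at the end
            {32, 33},                // one byte past the end, no overflow
            {1, Integer.MAX_VALUE},  // sum wraps to Integer.MIN_VALUE
            {Integer.MAX_VALUE, 1},  // sum wraps to Integer.MIN_VALUE
        };
        for (int[] c : cases) {
            System.out.printf("offset=%d length=%d int=%b long=%b subtract=%b%n",
                    c[0], c[1],
                    intCheckRejects(sig, c[0], c[1]),
                    longCheckRejects(sig, c[0], c[1]),
                    subtractCheckRejects(sig, c[0], c[1]));
        }
    }
}
```

For the two wrapping pairs the int check returns false while the other two return true, which is the case where the caller would see ArrayIndexOutOfBoundsException from a later array access rather than IllegalArgumentException from the range check.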