RFR: 8351113: RC2ParameterSpec throws IllegalArgumentException when offset is negative [v3]
Sean Mullan
mullan at openjdk.org
Tue Apr 29 18:21:47 UTC 2025
On Tue, 29 Apr 2025 16:22:43 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java line 107:
>>
>>> 105: if (offset < 0) {
>>> 106: throw new ArrayIndexOutOfBoundsException("offset is negative");
>>> 107: }
>>
>> Move these lines before line 104 as `blocksize` doesn't need to be set until after this check.
>
> done
This is a side issue, but it looks like this API can also throw `IndexOutOfBoundsException` if an offset is input which causes `System.arraycopy` (on line 112) to access the iv out of range. Please check and file a separate issue to have this exception documented, if so.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24854#discussion_r2067096446
More information about the security-dev
mailing list