RFR [9]8134424: BlockDataInputStream.readUTFBody: examine sizing local StringBuffer with the given length
Chris Hegarty
chris.hegarty at oracle.com
Wed Feb 10 13:51:01 UTC 2016
On 08/02/16 21:54, Aleksey Shipilev wrote:
> ...
> Still, the corrupted stream may call readUTFBody(1L +
> Integer.MAX_VALUE), that yields initial capacity of -2147483648, which
> in turn fails StringBuilder(...) with NegativeArraySizeException. But I
> wonder if that is actually a valid UTF8 input, because you cannot have
> that large of a String...
Right. To retain existing behavior (negative sizes => empty string)
then we can just short-circuit this.
diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java
b/src/java.base/share/classes/java/io/ObjectInputStream.java
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
@@ -3144,7 +3144,12 @@
* utflen bytes.
*/
private String readUTFBody(long utflen) throws IOException {
- StringBuilder sbuf = new StringBuilder();
+ if (utflen < 0)
+ return "";
+
+ // a reasonable initial capacity based on the UTF length
+ int initialCapacity = Math.min((int)utflen, 16384);
+ StringBuilder sbuf = new StringBuilder(initialCapacity);
if (!blkmode) {
end = pos = 0;
}
-Chris.
More information about the core-libs-dev
mailing list