authorralph <ralph@138bc75d-0d04-0410-961f-82ee72b054a4>2003-10-16 21:28:23 +0000
committerralph <ralph@138bc75d-0d04-0410-961f-82ee72b054a4>2003-10-16 21:28:23 +0000
commitb7acb68b892f95801e2240642c711166e5a952af (patch)
tree29b6320b5dc7e8dbb94d055fb55385f1064c0a14 /libjava/java
parent566cfa76991b51e1fbac20cc23def73f3f8c5366 (diff)
* java/lang/natString.cc (getChars):
Fix validation of array indexes. (getBytes, regionMatches, startsWith, valueOf): Likewise. * testsuite/libjava.lang/String_overflow.java: New file. * testsuite/libjava.lang/String_overflow.out: New file. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@72578 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libjava/java')
-rw-r--r--libjava/java/lang/natString.cc26
1 files changed, 16 insertions, 10 deletions
diff --git a/libjava/java/lang/natString.cc b/libjava/java/lang/natString.cc
index c87844b0d51..8217f703995 100644
--- a/libjava/java/lang/natString.cc
+++ b/libjava/java/lang/natString.cc
@@ -601,7 +601,10 @@ java::lang::String::getChars(jint srcBegin, jint srcEnd,
jint dst_length = JvGetArrayLength (dst);
if (srcBegin < 0 || srcBegin > srcEnd || srcEnd > count)
throw new java::lang::StringIndexOutOfBoundsException;
- if (dstBegin < 0 || dstBegin + (srcEnd-srcBegin) > dst_length)
+ // The 2nd part of the test below is equivalent to
+ // dstBegin + (srcEnd-srcBegin) > dst_length
+ // except that it does not overflow.
+ if (dstBegin < 0 || dstBegin > dst_length - (srcEnd-srcBegin))
throw new ArrayIndexOutOfBoundsException;
jchar *dPtr = elements (dst) + dstBegin;
jchar *sPtr = JvGetStringChars (this) + srcBegin;
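Review bot: The new comment in getChars says the rewritten test "does not overflow" but not why. It holds only because the check two lines above has already established that `srcEnd-srcBegin` lies between 0 and `count`, so `dst_length - (srcEnd-srcBegin)` stays in range. I would extend the comment with one line, e.g. `// (srcEnd-srcBegin is non-negative here because of the check above)`, so that the two tests are not reordered or separated later. The getBytes hunk repeats the same comment and would take the same addition. The function body continues outside the hunk.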
@@ -653,7 +656,10 @@ java::lang::String::getBytes(jint srcBegin, jint srcEnd,
jint dst_length = JvGetArrayLength (dst);
if (srcBegin < 0 || srcBegin > srcEnd || srcEnd > count)
throw new java::lang::StringIndexOutOfBoundsException;
- if (dstBegin < 0 || dstBegin + (srcEnd-srcBegin) > dst_length)
+ // The 2nd part of the test below is equivalent to
+ // dstBegin + (srcEnd-srcBegin) > dst_length
+ // except that it does not overflow.
+ if (dstBegin < 0 || dstBegin > dst_length - (srcEnd-srcBegin))
throw new ArrayIndexOutOfBoundsException;
jbyte *dPtr = elements (dst) + dstBegin;
jchar *sPtr = JvGetStringChars (this) + srcBegin;
@@ -700,9 +706,9 @@ jboolean
java::lang::String::regionMatches (jint toffset,
jstring other, jint ooffset, jint len)
{
- if (toffset < 0 || ooffset < 0
- || toffset + len > count
- || ooffset + len > other->count)
+ if (toffset < 0 || ooffset < 0 || len < 0
+ || toffset > count - len
+ || ooffset > other->count - len)
return false;
jchar *tptr = JvGetStringChars (this) + toffset;
jchar *optr = JvGetStringChars (other) + ooffset;
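Review bot: Adding `len < 0` to the guard in regionMatches changes the result for a negative length. The call now returns false, whereas the old test let a negative `len` with in-range offsets through to the comparison code below, which is outside this hunk. If that code treats a negative length as an empty region and returns true, callers get a different answer after this change. That should either be recorded in the ChangeLog entry or avoided by widening the arithmetic instead of rejecting the value, e.g. `|| toffset > (jlong) count - len` and `|| ooffset > (jlong) other->count - len`. The ignoreCase overload in the next hunk has the same guard and raises the same question.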
@@ -737,9 +743,9 @@ jboolean
java::lang::String::regionMatches (jboolean ignoreCase, jint toffset,
jstring other, jint ooffset, jint len)
{
- if (toffset < 0 || ooffset < 0
- || toffset + len > count
- || ooffset + len > other->count)
+ if (toffset < 0 || ooffset < 0 || len < 0
+ || toffset > count - len
+ || ooffset > other->count - len)
return false;
jchar *tptr = JvGetStringChars (this) + toffset;
jchar *optr = JvGetStringChars (other) + ooffset;
@@ -770,7 +776,7 @@ jboolean
java::lang::String::startsWith (jstring prefix, jint toffset)
{
jint i = prefix->count;
- if (toffset < 0 || toffset + i > count)
+ if (toffset < 0 || toffset > count - i)
return false;
jchar *xptr = JvGetStringChars (this) + toffset;
jchar *yptr = JvGetStringChars (prefix);
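Review bot: The rewritten test in startsWith carries no comment, unlike the getChars and getBytes hunks. Its safety rests on `i` (`prefix->count`) never being negative, which is presumably a String invariant but is not visible here. A short comment such as `// i >= 0, so count - i cannot overflow.` would record that. The valueOf hunk is in the same position: the subtraction there is safe only because `count < 0` is tested earlier in the same `||` chain, which deserves `// count >= 0 is checked first, so data_length - count cannot overflow.`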
@@ -1043,7 +1049,7 @@ jstring
java::lang::String::valueOf(jcharArray data, jint offset, jint count)
{
jint data_length = JvGetArrayLength (data);
- if (offset < 0 || count < 0 || offset+count > data_length)
+ if (offset < 0 || count < 0 || offset > data_length - count)
throw new ArrayIndexOutOfBoundsException;
jstring result = JvAllocString(count);
jchar *sPtr = elements (data) + offset;