jakarta-bcel-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44876] ArrayIndexOutOfBoundsException thrown from TABLESWITCH.initFromFile
Date Mon, 28 Apr 2008 15:54:17 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=44876


Timothy Alper <talper@coverity.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW




--- Comment #2 from Timothy Alper <talper@coverity.com>  2008-04-28 08:54:16 PST ---
Sorry about that, I was in a bit of a rush.

The corner case is if the low and high values (signed ints) are the same and
their value is 0x7fffffff (Integer.MAX_VALUE). This occurs only if there is one
case (aside from the default) in the switch and it happens to be MAX_VALUE.

Here's the code in BCEL that causes the problem:

for (int i = low; i <= high; i++) {
  match[i - low] = i; //ArrayIndexOutOfBoundsException thrown here
}

The loop boundaries are the problem. 'i' is initialized to MAX_VALUE, then
match[0] is set correctly to MAX_VALUE, i is incremented causing overflow,
since i is still <= MAX_VALUE the loop continues. Then on the next time through
the loop (i - low) == (0x80000000 - 0x7fffffff) == 1, but match[1] is invalid
because it was initialized to have only 1 element by "match_length = high - low
+ 1" and "match = new int[match_length]".


As you can see, my patch resolves this corner case and has the added benefit of
eliminating an extra for loop.


By the way, the actual exception that finally bubbles up isn't too helpful
because the ArrayIndexOutOfBoundsException gets converted into a
ClassGenException without having the whole ArrayIndexOutOfBoundsException
wrapped. Anyway, for the sake of being complete, it looks like this:
org.apache.bcel.generic.ClassGenException:
java.lang.ArrayIndexOutOfBoundsException: 1
        at
org.apache.bcel.generic.Instruction.readInstruction(Instruction.java:177)
        at
org.apache.bcel.generic.InstructionList.<init>(InstructionList.java:167)
        at org.apache.bcel.generic.MethodGen.<init>(MethodGen.java:164)
        at ...


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bcel-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: bcel-dev-help@jakarta.apache.org


Mime
View raw message