-
Bug
-
Resolution: Fixed
-
P4
-
1.0.2, 1.1.6, 1.2.0
-
1.2beta4
-
generic, sparc
-
generic, solaris_2.5, solaris_2.6
-
Verified
This bug was found by St.Petersburg Java SQE team (by Stanislav Avzan).
The java.io.StringBufferInputStream.read(b,off,len) method does not work with
incorrect values of off and len according to the Java language specification.
The Java Language specification
(Version 1.0 - August 1, 1996)
says the following (please see item 22.3.3):
22.3.3 public int read(byte[] b, int off, int len)
throws IOException, NullPointerException,
IndexOutOfBoundsException
The general contract of read(b, off, len) is that it reads some number
of bytes from the input stream and stores them into the buffer array b. An
attempt is made to read as many as len bytes, but a smaller number may
be read, possibly zero. The number of bytes actually read is returned as
an integer.
This method blocks until input data is available, end of file is detected, or
an exception is thrown.
If b is null, a NullPointerException is thrown.
If off is negative, or len is negative, or off+len is greater than the
length of the array b, then an IndexOutOfBoundsException is thrown.
<.....>"
So this method should throw IndexOutOfBoundsException
if off is negative or len is negative or len + off is greater than b.length.
But in fact it either does not throw IndexOutOfBoundsException or performs
readings prior to throwing.
Here is the minimized test demonstrating the bug:
----- test22.java ---------------------------------------
import java.io.*;
public class test22 {
public static void main( String[] argv ) {
StringBufferInputStream is = new StringBufferInputStream("0123456789");
byte[] b = new byte[10];
int a = is.available();
try {
is.read(b,-5,1); // testing negative off
System.out.println("Off test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Off test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Off test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Off test failed: unexpected <"+e+"> thrown");
}
a = is.available();
try {
is.read(b,3,-5); // testing negative len
System.out.println("Len test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Len test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Len test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Len test failed: unexpected <"+e+"> thrown");
}
}
}
----- The output of the test: -------------------------
$JAVA test22
Off test failed: IndexOutOfBoundsException thrown, but 1 readings made
Len test failed: IndexOutOfBoundsException not thrown
-------------------------------------------------------
Name: saC57035 Date: 11/27/96
This bug was found by St.Petersburg Java SQE team (by Stanislav Avzan).
The java.io.InputStream.read(b,off,len) and java.io.StringBufferInputStream.read(b,off,len)
methods don't work with null value of b according to the Java language specification.
This bug was found by St.Petersburg Java SQE team (by Stanislav Avzan).
The java.io.InputStream.read(b,off,len) and java.io.StringBufferInputStream.read(b,off,len)
methods don't work with incorrect values of off and len according to the
Java language specification.
The Java Language specification
(Version 1.0 - August 1, 1996)
says the following (please see item 22.3.3):
22.3.3 public int read(byte[] b, int off, int len)
throws IOException, NullPointerException,
IndexOutOfBoundsException
The general contract of read(b, off, len) is that it reads some number
of bytes from the input stream and stores them into the buffer array b. An
attempt is made to read as many as len bytes, but a smaller number may
be read, possibly zero. The number of bytes actually read is returned as
an integer.
This method blocks until input data is available, end of file is detected, or
an exception is thrown.
If b is null, a NullPointerException is thrown.
If off is negative, or len is negative, or off+len is greater than the
length of the array b, then an IndexOutOfBoundsException is thrown.
<.....>"
So this method should throw IndexOutOfBoundsException
if off is negative or len is negative or len + off is greater than b.length.
But in fact it either does not throw IndexOutOfBoundsException or performs
readings prior to throwing.
Here is the minimized test demonstrating the bug for StringBufferInputStream:
----- test22.java ---------------------------------------
import java.io.*;
public class test22 {
public static void main( String[] argv ) {
StringBufferInputStream is = new StringBufferInputStream("0123456789");
byte[] b = new byte[10];
int a = is.available();
try {
is.read(b,-5,1); // testing negative off
System.out.println("Off test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Off test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Off test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Off test failed: unexpected <"+e+"> thrown");
}
a = is.available();
try {
is.read(b,3,-5); // testing negative len
System.out.println("Len test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Len test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Len test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Len test failed: unexpected <"+e+"> thrown");
}
}
}
----- The output of the test: -------------------------
$JAVA test22
Off test failed: IndexOutOfBoundsException thrown, but 1 readings made
Len test failed: IndexOutOfBoundsException not thrown
-------------------------------------------------------
======================================================================
Name: saC57035 Date: 12/02/96
The similar bug is found in LineNumberInputStream as well.
======================================================================
The java.io.StringBufferInputStream.read(b,off,len) method does not work with
incorrect values of off and len according to the Java language specification.
The Java Language specification
(Version 1.0 - August 1, 1996)
says the following (please see item 22.3.3):
22.3.3 public int read(byte[] b, int off, int len)
throws IOException, NullPointerException,
IndexOutOfBoundsException
The general contract of read(b, off, len) is that it reads some number
of bytes from the input stream and stores them into the buffer array b. An
attempt is made to read as many as len bytes, but a smaller number may
be read, possibly zero. The number of bytes actually read is returned as
an integer.
This method blocks until input data is available, end of file is detected, or
an exception is thrown.
If b is null, a NullPointerException is thrown.
If off is negative, or len is negative, or off+len is greater than the
length of the array b, then an IndexOutOfBoundsException is thrown.
<.....>"
So this method should throw IndexOutOfBoundsException
if off is negative or len is negative or len + off is greater than b.length.
But in fact it either does not throw IndexOutOfBoundsException or performs
readings prior to throwing.
Here is the minimized test demonstrating the bug:
----- test22.java ---------------------------------------
import java.io.*;
public class test22 {
public static void main( String[] argv ) {
StringBufferInputStream is = new StringBufferInputStream("0123456789");
byte[] b = new byte[10];
int a = is.available();
try {
is.read(b,-5,1); // testing negative off
System.out.println("Off test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Off test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Off test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Off test failed: unexpected <"+e+"> thrown");
}
a = is.available();
try {
is.read(b,3,-5); // testing negative len
System.out.println("Len test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Len test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Len test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Len test failed: unexpected <"+e+"> thrown");
}
}
}
----- The output of the test: -------------------------
$JAVA test22
Off test failed: IndexOutOfBoundsException thrown, but 1 readings made
Len test failed: IndexOutOfBoundsException not thrown
-------------------------------------------------------
Name: saC57035 Date: 11/27/96
This bug was found by St.Petersburg Java SQE team (by Stanislav Avzan).
The java.io.InputStream.read(b,off,len) and java.io.StringBufferInputStream.read(b,off,len)
methods don't work with null value of b according to the Java language specification.
This bug was found by St.Petersburg Java SQE team (by Stanislav Avzan).
The java.io.InputStream.read(b,off,len) and java.io.StringBufferInputStream.read(b,off,len)
methods don't work with incorrect values of off and len according to the
Java language specification.
The Java Language specification
(Version 1.0 - August 1, 1996)
says the following (please see item 22.3.3):
22.3.3 public int read(byte[] b, int off, int len)
throws IOException, NullPointerException,
IndexOutOfBoundsException
The general contract of read(b, off, len) is that it reads some number
of bytes from the input stream and stores them into the buffer array b. An
attempt is made to read as many as len bytes, but a smaller number may
be read, possibly zero. The number of bytes actually read is returned as
an integer.
This method blocks until input data is available, end of file is detected, or
an exception is thrown.
If b is null, a NullPointerException is thrown.
If off is negative, or len is negative, or off+len is greater than the
length of the array b, then an IndexOutOfBoundsException is thrown.
<.....>"
So this method should throw IndexOutOfBoundsException
if off is negative or len is negative or len + off is greater than b.length.
But in fact it either does not throw IndexOutOfBoundsException or performs
readings prior to throwing.
Here is the minimized test demonstrating the bug for StringBufferInputStream:
----- test22.java ---------------------------------------
import java.io.*;
public class test22 {
public static void main( String[] argv ) {
StringBufferInputStream is = new StringBufferInputStream("0123456789");
byte[] b = new byte[10];
int a = is.available();
try {
is.read(b,-5,1); // testing negative off
System.out.println("Off test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Off test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Off test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Off test failed: unexpected <"+e+"> thrown");
}
a = is.available();
try {
is.read(b,3,-5); // testing negative len
System.out.println("Len test failed: IndexOutOfBoundsException not thrown");
} catch(IndexOutOfBoundsException e) {
if (a == is.available()) // testing no readings are made
System.out.println("Len test passed: IndexOutOfBoundsException thrown, no readings made");
else
System.out.println("Len test failed: IndexOutOfBoundsException thrown, but "+ (a-is.available())+" readings made");
} catch(Throwable e) {
System.out.println("Len test failed: unexpected <"+e+"> thrown");
}
}
}
----- The output of the test: -------------------------
$JAVA test22
Off test failed: IndexOutOfBoundsException thrown, but 1 readings made
Len test failed: IndexOutOfBoundsException not thrown
-------------------------------------------------------
======================================================================
Name: saC57035 Date: 12/02/96
The similar bug is found in LineNumberInputStream as well.
======================================================================
- duplicates
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-