-
Bug
-
Resolution: Fixed
-
P3
-
1.0.2
-
1.1fcs
-
sparc
-
solaris_2.5
-
Not verified
This bug was found by St.Petersburg Java SQE team (by Stanislav Avzan).
The java.io.StringBufferInputStream.skip(n) method does not work with
large values of n according to the Java language specification.
The Java Language specification
(Version 1.0 - August 1, 1996)
says the following (please see item 22.6.8):
"22.6.8 public long skip(long n)
The actual number k of bytes to be skipped is equal to the smaller of n and
count-pos. The value k is added into pos and k is returned.
Overrides the skip method of InputStream (p. 22.3.4)."
So this method should should not skip more than count-pos bytes. But in fact
it does when n+pos > Long.MAX_VALUE.
Source code fragment is as follows:
if (pos + n > count) {
n = count - pos;
It is clearly seen that overflow occurs in this case.
The evident fix is:
if (n > count - pos) {
n = count - pos;
Here is the minimized test demonstrating the bug:
----- test23.java ---------------------------------------
import java.io.*;
public class test23 {
public static void main( String[] argv ) {
StringBufferInputStream is = new StringBufferInputStream("0123456789");
is.skip(3); //make pos =2
// 7 bytes remained!
System.out.println("Here must be 7: "+is.skip(Long.MAX_VALUE));
}
}
----- The output of the test: -------------------------
$JAVA test23
Here must be 7: 9223372036854775807
-------------------------------------------------------
The java.io.StringBufferInputStream.skip(n) method does not work with
large values of n according to the Java language specification.
The Java Language specification
(Version 1.0 - August 1, 1996)
says the following (please see item 22.6.8):
"22.6.8 public long skip(long n)
The actual number k of bytes to be skipped is equal to the smaller of n and
count-pos. The value k is added into pos and k is returned.
Overrides the skip method of InputStream (p. 22.3.4)."
So this method should should not skip more than count-pos bytes. But in fact
it does when n+pos > Long.MAX_VALUE.
Source code fragment is as follows:
if (pos + n > count) {
n = count - pos;
It is clearly seen that overflow occurs in this case.
The evident fix is:
if (n > count - pos) {
n = count - pos;
Here is the minimized test demonstrating the bug:
----- test23.java ---------------------------------------
import java.io.*;
public class test23 {
public static void main( String[] argv ) {
StringBufferInputStream is = new StringBufferInputStream("0123456789");
is.skip(3); //make pos =2
// 7 bytes remained!
System.out.println("Here must be 7: "+is.skip(Long.MAX_VALUE));
}
}
----- The output of the test: -------------------------
$JAVA test23
Here must be 7: 9223372036854775807
-------------------------------------------------------