- Bug
- Resolution: Fixed
- P5
- 5.0
- b75
- x86
- windows_xp
FULL PRODUCT VERSION :
java version "1.5.0_01"
Java (TM) 2 Runtime Environment, Standard Edition (build 1.5.0_01-b08)
Java HotSpot(TM) Client VM (build 1.5.0_01-b08, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
The runtime interprets large attribute_length values incorrectly. Values in the range 0x80000000 to 0xFFFFFFFF are considered negative.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1/ Compile a Test class containing a final field.
2/ Set the attribute_length to 0xFFFFFFFF in the ConstantValue attribute
3/ run Test
or
1/ Compile a Test2 class containing a final field
2/ replace "ConstantValue" with something else (any name not recognized by the VM)
3/ set the attribute_length to 0xFFFFFFF2 (-14)
4/ run Test2
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Exception in thread "main" java.lang.ClassFormatError: Truncated Class File for both Test and Test2
ACTUAL -
Exception in thread "main" java.lang.ClassFormatError: Invalid ConstantValue field attribute_length -1 in class file Test
and
Exception in thread "main" java.lang.ClassFormatError: Repetitive field name/signature in class file Test2
The latter shows another problem : the file pointer goes backwards when a negative attribute_length is read. In this case we go 14 bytes backwards, so that the same field is read again.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
No source code; manual editing required.
---------- END SOURCE ----------
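
The backward move described above, as an added example in C (not HotSpot's class file parser and not code from this report). It skips one unrecognized attribute twice: once with attribute_length reinterpreted as a signed 32-bit value, once as an unsigned value checked against the remaining bytes. The function names and sample bytes are constructed; the 14 bytes are the 8-byte field_info header plus the 6-byte attribute header.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: one field_info whose only attribute has an
   unrecognized name and attribute_length 0xFFFFFFF2. Index values are arbitrary. */
static const uint8_t FIELD[] = {
    0x00, 0x10,             /* access_flags (ACC_FINAL)       offset 0  */
    0x00, 0x05,             /* name_index                     offset 2  */
    0x00, 0x06,             /* descriptor_index               offset 4  */
    0x00, 0x01,             /* attributes_count               offset 6  */
    0x00, 0x07,             /* attribute_name_index           offset 8  */
    0xFF, 0xFF, 0xFF, 0xF2, /* attribute_length (u4)          offset 10 */
    0x00, 0x08              /* attribute data                 offset 14 */
};

static uint32_t read_u4(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed skip: the u4 is reinterpreted as a signed 32-bit value (two's
   complement assumed), so 0xFFFFFFF2 becomes -14 and the cursor moves back. */
long skip_attr_signed(const uint8_t *buf, long pos) {
    int32_t len = (int32_t)read_u4(buf + pos + 2);
    return pos + 6 + len;          /* 6 = name_index (2) + length (4) */
}

/* Checked skip: the length stays unsigned and must fit in the bytes that
   remain after the 6-byte attribute header. Returns -1 for a truncated file. */
long skip_attr_checked(const uint8_t *buf, size_t size, size_t pos) {
    if (pos > size || size - pos < 6) return -1;
    uint32_t len = read_u4(buf + pos + 2);
    if (len > size - pos - 6) return -1;
    return (long)(pos + 6 + len);
}

int main(void) {
    /* The attribute header starts at offset 8 of the field_info. */
    printf("signed skip  -> cursor %ld\n", skip_attr_signed(FIELD, 8));
    printf("checked skip -> %ld\n", skip_attr_checked(FIELD, sizeof FIELD, 8));
    return 0;
}
```

The signed variant returns cursor 0, the start of the same field_info, which is why the field is parsed a second time; the checked variant reports the file as truncated.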