-
Bug
-
Resolution: Fixed
-
P3
-
8, 9
-
None
-
b150
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8183886 | 8u161 | Hannes Wallnoefer | P3 | Resolved | Fixed | b01 |
| JDK-8172654 | 8u152 | Hannes Wallnoefer | P3 | Resolved | Fixed | b01 |
| JDK-8192729 | emb-8u161 | Hannes Wallnoefer | P3 | Resolved | Fixed | b01 |
There are two bugs in the implementation of shift() in SparseArrayData. Both really occur in the underlying dense array. The first is caused by doing an arraycopy on a zero-length array:
var a = []
a[1048577] = 1
a.shift()
Throws:
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(java.base@9-ea/Native Method)
at jdk.nashorn.internal.runtime.arrays.IntArrayData.shiftLeft(jdk.scripting.nashorn@9-ea/IntArrayData.java:180)
at jdk.nashorn.internal.runtime.arrays.SparseArrayData.shiftLeft(jdk.scripting.nashorn@9-ea/SparseArrayData.java:93)
at jdk.nashorn.internal.objects.NativeArray.shift(jdk.scripting.nashorn@9-ea/NativeArray.java:1148)
at jdk.nashorn.internal.scripts.Script$Recompilation$1$shift/403147759.:program(jdk.scripting.nashorn.scripts/shift.js:4)
at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(jdk.scripting.nashorn@9-ea/ScriptFunctionData.java:652)
at jdk.nashorn.internal.runtime.ScriptFunction.invoke(jdk.scripting.nashorn@9-ea/ScriptFunction.java:513)
at jdk.nashorn.internal.runtime.ScriptRuntime.apply(jdk.scripting.nashorn@9-ea/ScriptRuntime.java:489)
at jdk.nashorn.tools.Shell.apply(jdk.scripting.nashorn@9-ea/Shell.java:519)
at jdk.nashorn.tools.Shell.runScripts(jdk.scripting.nashorn@9-ea/Shell.java:448)
at jdk.nashorn.tools.Shell.run(jdk.scripting.nashorn@9-ea/Shell.java:186)
at jdk.nashorn.tools.jjs.Main.main(jdk.scripting.nashorn.shell@9-ea/Main.java:104)
at jdk.nashorn.tools.jjs.Main.main(jdk.scripting.nashorn.shell@9-ea/Main.java:80)
The second one is caused by missing setLength in shift implementation of underlying dense array:
var a = []
a[1048577] = 1
a[1] = 1
a.shift()
print(Object.keys(a))
Actual: 0,1,1048576
Expected: 0,1048576
var a = []
a[1048577] = 1
a.shift()
Throws:
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(java.base@9-ea/Native Method)
at jdk.nashorn.internal.runtime.arrays.IntArrayData.shiftLeft(jdk.scripting.nashorn@9-ea/IntArrayData.java:180)
at jdk.nashorn.internal.runtime.arrays.SparseArrayData.shiftLeft(jdk.scripting.nashorn@9-ea/SparseArrayData.java:93)
at jdk.nashorn.internal.objects.NativeArray.shift(jdk.scripting.nashorn@9-ea/NativeArray.java:1148)
at jdk.nashorn.internal.scripts.Script$Recompilation$1$shift/403147759.:program(jdk.scripting.nashorn.scripts/shift.js:4)
at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(jdk.scripting.nashorn@9-ea/ScriptFunctionData.java:652)
at jdk.nashorn.internal.runtime.ScriptFunction.invoke(jdk.scripting.nashorn@9-ea/ScriptFunction.java:513)
at jdk.nashorn.internal.runtime.ScriptRuntime.apply(jdk.scripting.nashorn@9-ea/ScriptRuntime.java:489)
at jdk.nashorn.tools.Shell.apply(jdk.scripting.nashorn@9-ea/Shell.java:519)
at jdk.nashorn.tools.Shell.runScripts(jdk.scripting.nashorn@9-ea/Shell.java:448)
at jdk.nashorn.tools.Shell.run(jdk.scripting.nashorn@9-ea/Shell.java:186)
at jdk.nashorn.tools.jjs.Main.main(jdk.scripting.nashorn.shell@9-ea/Main.java:104)
at jdk.nashorn.tools.jjs.Main.main(jdk.scripting.nashorn.shell@9-ea/Main.java:80)
The second one is caused by missing setLength in shift implementation of underlying dense array:
var a = []
a[1048577] = 1
a[1] = 1
a.shift()
print(Object.keys(a))
Actual: 0,1,1048576
Expected: 0,1048576
- backported by
-
JDK-8172654 Missing checks in sparse array shift() implementation
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-