Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build
---|---|---|---|---|---|---
JDK-8354139 | 21.0.9-oracle | Johny Jose | P4 | Open | Unresolved |
JDK-8354140 | 17.0.17-oracle | Johny Jose | P4 | Open | Unresolved |

During deserialization of MessageFormat, an offset greater than the pattern length should not be allowed. Using such a format can later throw a StringIndexOutOfBoundsException (SIOOBE). It seems that the existing check in readObject is off by 1.
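
A minimal illustration of the off-by-one described above, as an added example that is not the JDK's MessageFormat source: the `OffsetHolder` class and its `looseCheck`/`strictCheck` methods are hypothetical names assumed for the demo. It shows a bound of `length + 1` admitting an offset that only fails later with a StringIndexOutOfBoundsException, while a `readObject` enforcing `offset <= length` rejects the same stream up front.

```java
import java.io.*;
// Hypothetical stand-in class, not the JDK's MessageFormat; all names are assumptions.
public class OffsetHolder implements Serializable {
    private static final long serialVersionUID = 1L;
    private String pattern;
    private int[] offsets;
    OffsetHolder(String pattern, int... offsets) {
        this.pattern = pattern;
        this.offsets = offsets.clone();
    }
    // Off-by-one bound: lets through an offset of pattern.length() + 1.
    static boolean looseCheck(String p, int[] offs) {
        for (int o : offs) if (o < 0 || o > p.length() + 1) return false;
        return true;
    }

    // Tight bound: an insertion offset may equal the length but never exceed it.
    static boolean strictCheck(String p, int[] offs) {
        for (int o : offs) if (o < 0 || o > p.length()) return false;
        return true;
    }

    // Validate stream-supplied state before the object becomes usable.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (pattern == null || offsets == null || !strictCheck(pattern, offsets)) {
            throw new InvalidObjectException("offset outside pattern bounds");
        }
    }

    public static void main(String[] args) throws Exception {
        String p = "abc";
        int[] bad = {p.length() + 1}; // constructed sample: one past the allowed maximum
        System.out.println("loose check accepts:  " + looseCheck(p, bad));
        System.out.println("strict check accepts: " + strictCheck(p, bad));
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new OffsetHolder(p, bad));
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            in.readObject();
        } catch (InvalidObjectException e) {
            System.out.println("rejected while deserializing: " + e.getMessage());
        }
        // Without the tight bound the failure surfaces only when the offset is used.
        try { new StringBuilder(p).insert(bad[0], "x"); }
        catch (StringIndexOutOfBoundsException e) { System.out.println("late failure: " + e); }
    }
}
```
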
- backported by
  - JDK-8354139 Improve MessageFormat readObject checks (Open)
  - JDK-8354140 Improve MessageFormat readObject checks (Open)
- links to
  - Commit(master) openjdk/jdk/7af46a6b
  - Review(master) openjdk/jdk/21570