Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8024971 Fuzzing results on nashorn by Andre
  3. JDK-8047359

large string size RangeError should be thrown rather than reporting negative length

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 9
    • Component/s: core-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b22
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        jjs -doe

        jjs> s = " "; for (var i=0;i<31;++i) s+=s; s.length
        -2147483648

        jjs> s = " "; for (var i=0;i<31;++i) s+=s;
        Exception in thread "main" java.lang.NegativeArraySizeException
        at jdk.nashorn.internal.runtime.ConsString.flatten(ConsString.java:87)
        at jdk.nashorn.internal.runtime.ConsString.flattened(ConsString.java:80)
        at jdk.nashorn.internal.runtime.ConsString.toString(ConsString.java:60)
        at jdk.nashorn.internal.runtime.JSType.toStringImpl(JSType.java:1295)
        at jdk.nashorn.internal.runtime.JSType.toString(JSType.java:540)
        at jdk.nashorn.tools.Shell.readEvalPrint(Shell.java:458)
        at jdk.nashorn.tools.Shell.run(Shell.java:158)
        at jdk.nashorn.tools.Shell.main(Shell.java:133)
        at jdk.nashorn.tools.Shell.main(Shell.java:112)

        Perhaps we should catch NegativeArraySizeException and throw RangeError? In any case reporting negative length should be avoided.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                sundar Sundararajan Athijegannathan
                Reporter:
                sundar Sundararajan Athijegannathan
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: