Menu

#323 Array/string range checks

3.0.1
closed-fixed
None
5
2014-12-01
2014-11-30
No

I played with range checking of array instructions and methods and found some real bugs in several projects. A couple of examples:
- JavaHLSvnStatusClient#doStatus method creates an array of 0 elements, then accesses 0th element.
- AtomTools#calculate3DCoordinates0 method creates an empty array and recreates it to non-empty only in one branch.

Thus I think it would be nice to add such checks to FindBugs:
- If we know array length, we may check xaload, xastore instructions as well as System.arraycopy, InputStream.read(array, offset, length) and some other methods and warn if constant index/offset/length is used which violates the array bounds.
- If we know the String, we may check some its methods like charAt, substring which take an index as the input and warn if the index violates the string bounds.

To do this we have to track array length. It can be easily done by storing it as Integer into Item.constValue field (it's not used for arrays anyways). This can be useful in other places as well (for example, detection of empty array in CovariantArrayAssignment detector will be easier and more robust). I will implement this.

Discussion

  • Tagir Valeev

    Tagir Valeev - 2014-12-01
    • status: open-accepted --> closed-fixed
    • Group: 3.x --> 3.0.1
     

Log in to post a comment.