Re: [Sablevm-developer] Crash on System.arraycopy()
From: David <db...@cs...> - 2004-03-15 00:22:03
On Sun, Mar 14, 2004 at 11:56:04PM +0100, Mark Wielaard wrote:
> Hi,
>
> The following crashes sablevm. It should give a
> ArrayIndexOutOfBoundsException. (Similar test is in Mauve btw.)
>

Hi,

Thanks for reporting the bug.

SableVM code to check bounds:

    if (src_position < 0 || dst_position < 0 || length < 0 ||
        src_position + length > src_instance->size ||
        dst_position + length > dst_instance->size)
      {
        _svmf_error_ArrayIndexOutOfBoundsException (env);
        goto end;
      }

So basically: src_position + length overflows and becomes negative.

What about moving the length to the other side of > :

    src_position > src_instance->size - length

because of the other tests, we know that:

    src_position is >= 0
    length is 0 <= length <= MAX_INT
    and src_instance->size is >= 0

So I guess it solves the overflow problem.

Any comments?

I will check this fix in staging.

David

---
David Bélanger
Graduate Student
School of Computer Science
McGill University
Office: MC226

Web page: http://www.cs.mcgill.ca/~dbelan2/
Public key: http://www.cs.mcgill.ca/~dbelan2/public_key.txt
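Added example, not part of the original message and not SableVM's own code: the check quoted above next to the rearranged comparison the message proposes, run on constructed inputs. The function names `wrap_add`, `rejects_original` and `rejects_rearranged`, the 10-element array sizes and the argument values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit two's-complement add, as a Java int behaves. Done in unsigned
   arithmetic so this demo does not depend on signed-overflow UB in C. */
static int32_t wrap_add(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Check as quoted in the message: returns 1 when the copy is rejected. */
static int rejects_original(int32_t src_pos, int32_t dst_pos, int32_t length,
                            int32_t src_size, int32_t dst_size)
{
    return src_pos < 0 || dst_pos < 0 || length < 0
        || wrap_add(src_pos, length) > src_size
        || wrap_add(dst_pos, length) > dst_size;
}

/* Rearranged check. By the time the subtraction is evaluated, length is in
   [0, INT32_MAX] and size is >= 0, so size - length cannot overflow. */
static int rejects_rearranged(int32_t src_pos, int32_t dst_pos, int32_t length,
                              int32_t src_size, int32_t dst_size)
{
    return src_pos < 0 || dst_pos < 0 || length < 0
        || src_pos > src_size - length
        || dst_pos > dst_size - length;
}

int main(void)
{
    /* Constructed inputs: two 10-element arrays and a very large length. */
    printf("original rejects:   %d\n", rejects_original(1, 1, INT32_MAX, 10, 10));
    printf("rearranged rejects: %d\n", rejects_rearranged(1, 1, INT32_MAX, 10, 10));
    /* A copy that ends exactly at the end of the array must stay accepted. */
    printf("boundary rejected:  %d\n", rejects_rearranged(5, 5, 5, 10, 10));
    return 0;
}
```

The rearrangement is only safe because the sign tests come first in the short-circuit chain; if `length < 0` were evaluated after the subtraction, `size - length` could itself overflow.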