Re: [Sablevm-developer] Crash on System.arraycopy()
From: Etienne G. <gag...@uq...> - 2004-03-15 03:00:17
Hi David,

I don't know if we have yet implemented the simple unsigned comparison for array bounds check. I think that, again, unsigned comparison would save the day, here. See below.

David Bélanger wrote:
> SableVM code to check bounds:
>   if (src_position < 0 ||
>       dst_position < 0 ||
>       length < 0 ||
>       src_position + length > src_instance->size ||
>       dst_position + length > dst_instance->size)
>...
> So basically: src_position + length overflows and becomes negative.

(_svmt_u32) src_position + (_svmt_u32) length > (_svmt_u32) src_instance->size

Etienne

-- 
Etienne M. Gagnon, Ph.D. http://www.info.uqam.ca/~egagnon/
SableVM: http://www.sablevm.org/
SableCC: http://www.sablecc.org/
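The overflow discussed in this message, as an added example that is not part of the original post and is not SableVM's own code: it runs the quoted signed bounds check and the unsigned comparison side by side on constructed inputs. The function names, the use of uint32_t in place of _svmt_u32, and the extension of the unsigned comparison to the destination check are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Wrapping 32-bit add: models the signed sum going negative on overflow
   (the signed overflow itself is undefined behaviour in C, so it is
   emulated here through unsigned arithmetic). */
static int32_t wrap_add(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Bounds check in the quoted form. Returns 1 if the copy is accepted. */
static int check_signed(int32_t src_pos, int32_t dst_pos, int32_t len,
                        int32_t src_size, int32_t dst_size)
{
    if (src_pos < 0 || dst_pos < 0 || len < 0 ||
        wrap_add(src_pos, len) > src_size ||
        wrap_add(dst_pos, len) > dst_size)
        return 0;
    return 1;
}

/* Same check with the sums compared as unsigned. After the < 0 tests both
   operands are at most INT32_MAX, so the unsigned sum cannot wrap. */
static int check_unsigned(int32_t src_pos, int32_t dst_pos, int32_t len,
                          int32_t src_size, int32_t dst_size)
{
    if (src_pos < 0 || dst_pos < 0 || len < 0 ||
        (uint32_t)src_pos + (uint32_t)len > (uint32_t)src_size ||
        (uint32_t)dst_pos + (uint32_t)len > (uint32_t)dst_size)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: two 10-element arrays. */
    struct { int32_t s, d, n; } t[] = {
        {2, 0, 3}, {7, 7, 3}, {8, 0, 3}, {1, 1, INT32_MAX},
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("src=%d dst=%d len=%d signed=%d unsigned=%d\n",
               (int)t[i].s, (int)t[i].d, (int)t[i].n,
               check_signed(t[i].s, t[i].d, t[i].n, 10, 10),
               check_unsigned(t[i].s, t[i].d, t[i].n, 10, 10));
    return 0;
}
```

Only the last row differs: the wrapped signed sum is negative and passes the signed check, while the unsigned comparison rejects it.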