archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 06:45:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8278428: ObjectInputStream.readFully range check incorrect

Browse source 
Reviewed-by: alanb
This commit is contained in:
Roger Riggs 2021-12-08 20:37:41 +00:00
parent 5a80abf706
commit 8e8fadf2d4
2 changed files with 45 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/java.base/share/classes/java/io/ObjectInputStream.java
View file

@ -1204,7 +1204,7 @@ public class ObjectInputStream
* @throws IOException If other I/O error has occurred. * @throws IOException If other I/O error has occurred.
*/ */
public void readFully(byte[] buf, int off, int len) throws IOException { public void readFully(byte[] buf, int off, int len) throws IOException {
Objects.checkFromToIndex(off, len, buf.length); Objects.checkFromIndexSize(off, len, buf.length);
bin.readFully(buf, off, len, false); bin.readFully(buf, off, len, false);
} }

47
test/jdk/java/io/Serializable/oldTests/WritePrimitive.java
View file

@ -32,15 +32,12 @@
*/ */
import java.io.*; import java.io.*;
import java.util.Arrays;
public class WritePrimitive { public class WritePrimitive {
public static void main (String argv[]) throws IOException { public static void main (String argv[]) throws IOException {
System.err.println("\nRegression test for testing of " + System.err.println("\nRegression test for testing of " +
"serialization/deserialization of primitives \n"); "serialization/deserialization of primitives \n");
FileInputStream istream = null;
FileOutputStream ostream = null;
try {
int i = 123456; int i = 123456;
byte b = 12; byte b = 12;
short s = 45; short s = 45;
@ -51,9 +48,11 @@ public class WritePrimitive {
boolean z = true; boolean z = true;
String string = "The String"; String string = "The String";
PrimitivesTest prim = new PrimitivesTest(); PrimitivesTest prim = new PrimitivesTest();
byte[] ba = {1, 2, 3, 4, 5, 6, 7}; // byte array to write
ostream = new FileOutputStream("piotest1.tmp"); byte[] bytes;
ObjectOutputStream p = new ObjectOutputStream(ostream); try (ByteArrayOutputStream ostream = new ByteArrayOutputStream();
ObjectOutputStream p = new ObjectOutputStream(ostream)) {
p.writeInt(i); p.writeInt(i);
p.writeByte(b); p.writeByte(b);
@ -63,14 +62,20 @@ public class WritePrimitive {
p.writeFloat(f); p.writeFloat(f);
p.writeDouble(d); p.writeDouble(d);
p.writeBoolean(z); p.writeBoolean(z);
p.write(ba); // for simple read(byte[])
p.write(ba); // for readFully(byte[])
p.write(ba, 0, ba.length - 2); // for readFully(byte[], 0, 7)
p.writeUTF(string); p.writeUTF(string);
p.writeObject(string); p.writeObject(string);
p.writeObject(prim); p.writeObject(prim);
p.flush(); p.flush();
bytes = ostream.toByteArray();
istream = new FileInputStream("piotest1.tmp"); }
ObjectInputStream q = new ObjectInputStream(istream);
ByteArrayInputStream istream = new ByteArrayInputStream(bytes);
try (ObjectInputStream q = new ObjectInputStream(istream);) {
int i_u = q.readInt(); int i_u = q.readInt();
byte b_u = q.readByte(); byte b_u = q.readByte();
@ -80,6 +85,12 @@ public class WritePrimitive {
float f_u = q.readFloat(); float f_u = q.readFloat();
double d_u = q.readDouble(); double d_u = q.readDouble();
boolean z_u = q.readBoolean(); boolean z_u = q.readBoolean();
byte[] ba_readBuf = new byte[ba.length];
int ba_readLen = q.read(ba_readBuf);
byte[] ba_readFullyBuf = new byte[ba.length];
int ba_readFullyLen = q.read(ba_readFullyBuf);
byte[] ba_readFullySizedBuf = new byte[ba.length];
int ba_readFullySizedLen = q.read(ba_readFullySizedBuf, 0, ba.length - 1);
String string_utf = q.readUTF(); String string_utf = q.readUTF();
String string_u = (String)q.readObject(); String string_u = (String)q.readObject();
if (i != i_u) { if (i != i_u) {
@ -120,6 +131,10 @@ public class WritePrimitive {
z_u); z_u);
throw new Error(); throw new Error();
} }
checkArray("read(byte[])", ba, ba.length, ba_readBuf, ba_readLen);
checkArray("readFully(byte[])", ba, ba.length, ba_readFullyBuf, ba_readFullyLen);
checkArray("readFully(byte[], off, len)", ba, ba.length - 2, ba_readFullySizedBuf, ba_readFullySizedLen);
if (!string.equals(string_utf)) { if (!string.equals(string_utf)) {
System.err.println("\nString: expected " + string + System.err.println("\nString: expected " + string +
" actual " + string_utf); " actual " + string_utf);
@ -144,20 +159,26 @@ public class WritePrimitive {
System.err.print("TEST FAILED: "); System.err.print("TEST FAILED: ");
e.printStackTrace(); e.printStackTrace();
System.err.println("\nInput remaining"); System.err.println("\nBytes read: " + (bytes.length - istream.available()) +
", Input remaining: " + istream.available());
int ch; int ch;
try { try {
while ((ch = istream.read()) != -1) { while ((ch = istream.read()) != -1) {
System.err.print("\n " + Integer.toString(ch, 16)+ " "); System.err.print("\n " + Integer.toString(ch, 16)+ " ");
} }
System.out.println("\n "); System.out.println("\n ");
} catch (Exception f) { } catch (Exception fex) {
throw new Error(); throw new Error();
} }
throw new Error(); throw new Error();
} finally { }
if (istream != null) istream.close(); }
if (ostream != null) ostream.close();
static void checkArray(String label, byte[] expected, int expectedLen, byte[] actual, int actualLen) {
int mismatch = Arrays.mismatch(expected, 0, expectedLen, actual, 0, actualLen);
if (actualLen != expectedLen || mismatch >= 0) {
System.err.println("\n" + label + ": expected " + expectedLen + " actual " + actualLen + ", mismatch: " + mismatch);
throw new Error();
} }
} }
} }