CHECK_NON_NULL_ARGUMENT_RETURN_VOID(java_string);
ScopedObjectAccess soa(env);
mirror::String* s = soa.Decode<mirror::String*>(java_string);
- if (start < 0 || length < 0 || start + length > s->GetLength()) {
+ if (start < 0 || length < 0 || length > s->GetLength() - start) {
ThrowSIOOBE(soa, start, length, s->GetLength());
} else {
CHECK_NON_NULL_MEMCPY_ARGUMENT(length, buf);
CHECK_NON_NULL_ARGUMENT_RETURN_VOID(java_string);
ScopedObjectAccess soa(env);
mirror::String* s = soa.Decode<mirror::String*>(java_string);
- if (start < 0 || length < 0 || start + length > s->GetLength()) {
+ if (start < 0 || length < 0 || length > s->GetLength() - start) {
ThrowSIOOBE(soa, start, length, s->GetLength());
} else {
CHECK_NON_NULL_MEMCPY_ARGUMENT(length, buf);
"GetPrimitiveArrayRegion",
"get region of");
if (array != nullptr) {
- if (start < 0 || length < 0 || start + length > array->GetLength()) {
+ if (start < 0 || length < 0 || length > array->GetLength() - start) {
ThrowAIOOBE(soa, array, start, length, "src");
} else {
CHECK_NON_NULL_MEMCPY_ARGUMENT(length, buf);
"SetPrimitiveArrayRegion",
"set region of");
if (array != nullptr) {
- if (start < 0 || length < 0 || start + length > array->GetLength()) {
+ if (start < 0 || length < 0 || length > array->GetLength() - start) {
ThrowAIOOBE(soa, array, start, length, "dst");
} else {
CHECK_NON_NULL_MEMCPY_ARGUMENT(length, buf);
env_->set_region_fn(a, size - 1, size, nullptr); \
ExpectException(aioobe_); \
\
+ /* Regression test against integer overflow in range check. */ \
+ env_->get_region_fn(a, 0x7fffffff, 0x7fffffff, nullptr); \
+ ExpectException(aioobe_); \
+ env_->set_region_fn(a, 0x7fffffff, 0x7fffffff, nullptr); \
+ ExpectException(aioobe_); \
+ \
/* It's okay for the buffer to be null as long as the length is 0. */ \
env_->get_region_fn(a, 2, 0, nullptr); \
/* Even if the offset is invalid... */ \
ExpectException(sioobe_);
env_->GetStringRegion(s, 10, 1, nullptr);
ExpectException(sioobe_);
+ // Regression test against integer overflow in range check.
+ env_->GetStringRegion(s, 0x7fffffff, 0x7fffffff, nullptr);
+ ExpectException(sioobe_);
jchar chars[4] = { 'x', 'x', 'x', 'x' };
env_->GetStringRegion(s, 1, 2, &chars[1]);
ExpectException(sioobe_);
env_->GetStringUTFRegion(s, 10, 1, nullptr);
ExpectException(sioobe_);
+ // Regression test against integer overflow in range check.
+ env_->GetStringUTFRegion(s, 0x7fffffff, 0x7fffffff, nullptr);
+ ExpectException(sioobe_);
char bytes[4] = { 'x', 'x', 'x', 'x' };
env_->GetStringUTFRegion(s, 1, 2, &bytes[1]);
OSDN Git Service
