On 10.02.2016 16:51, Chris Hegarty wrote: > On 08/02/16 21:54, Aleksey Shipilev wrote: >> ... >> Still, the corrupted stream may call readUTFBody(1L + >> Integer.MAX_VALUE), that yields initial capacity of -2147483648, which >> in turn fails StringBuilder(...) with NegativeArraySizeException. But I >> wonder if that is actually a valid UTF8 input, because you cannot have >> that large of a String... > > Right. To retain existing behavior (negative sizes => empty string) > then we can just short-circuit this. > > diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java > b/src/java.base/share/classes/java/io/ObjectInputStream.java > --- a/src/java.base/share/classes/java/io/ObjectInputStream.java > +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java > @@ -3144,7 +3144,12 @@ > * utflen bytes. > */ > private String readUTFBody(long utflen) throws IOException { > - StringBuilder sbuf = new StringBuilder(); > + if (utflen < 0) > + return ""; > + > + // a reasonable initial capacity based on the UTF length > + int initialCapacity = Math.min((int)utflen, 16384); > + StringBuilder sbuf = new StringBuilder(initialCapacity); > if (!blkmode) { > end = pos = 0; > }
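Review bot: The utflen < 0 guard at the top of readUTFBody does not cover lengths above Integer.MAX_VALUE, and Math.min((int)utflen, 16384) narrows before it clamps, so 1L + Integer.MAX_VALUE still becomes -2147483648 and StringBuilder(int) throws NegativeArraySizeException. Clamp while the value is still a long, for example (int) Math.min(utflen, 16384L), or reject utflen > Integer.MAX_VALUE in the same condition as the negative check. The early return "" would also benefit from a comment stating that it preserves the existing behaviour for negative sizes, since it otherwise reads as silently accepting a corrupted length.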
Um (Integer.MAX_VALUE + 1L) is still a positive long, you probably want:

  int ilen = (int)utflen;
  if (ilen < 0) return "";
  int initialCapacity = Math.min(ilen, 16384);

...or:

  if (utflen < 0 || utflen > Integer.MAX_VALUE) return "";
  int initialCapacity = Math.min((int)utflen, 16384);

Cheers,
-Aleksey
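The long-to-int narrowing discussed in this thread, as an added example that is not code from the JDK or from either poster. The class name, method names and the sample lengths are hypothetical; each method mirrors one capacity computation quoted above, and null stands for the "return empty string" path.

```java
// Added illustration; class and method names are hypothetical, not JDK code.
public class UtfLenCapacity {
    static final int CAP = 16384; // cap used in the quoted patch

    // Quoted patch: sign check on the long, then narrow, then clamp.
    static Integer patched(long utflen) {
        if (utflen < 0) return null;
        return Math.min((int) utflen, CAP);
    }

    // First suggestion in the reply: narrow first, then sign-check the int.
    static Integer narrowFirst(long utflen) {
        int ilen = (int) utflen;
        if (ilen < 0) return null;
        return Math.min(ilen, CAP);
    }

    // Second suggestion: reject anything outside the int range before casting.
    static Integer rangeChecked(long utflen) {
        if (utflen < 0 || utflen > Integer.MAX_VALUE) return null;
        return Math.min((int) utflen, CAP);
    }

    // Use the capacity the way the patch does: new StringBuilder(capacity).
    static String outcome(Integer capacity) {
        if (capacity == null) return "empty string";
        try {
            new StringBuilder(capacity);
            return "capacity " + capacity;
        } catch (NegativeArraySizeException e) {
            return "NegativeArraySizeException";
        }
    }

    public static void main(String[] args) {
        // Constructed sample lengths around the int boundary.
        long[] lengths = { -1L, 100L, 1L << 20, Integer.MAX_VALUE,
                           1L + Integer.MAX_VALUE, (1L << 32) + 5 };
        for (long n : lengths) {
            System.out.printf("%-12d patched: %s | narrowFirst: %s | rangeChecked: %s%n",
                n, outcome(patched(n)), outcome(narrowFirst(n)), outcome(rangeChecked(n)));
        }
    }
}
```

The last sample length shows where the two suggested forms differ: (1L << 32) + 5 narrows to 5, so the narrow-first form yields a capacity of 5 while the range check takes the empty-string path.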