Integer overflow in Array#fill
------------------------------
Key: JRUBY-1875
URL: http://jira.codehaus.org/browse/JRUBY-1875
Project: JRuby
Issue Type: Bug
Components: Core Classes/Modules
Affects Versions: JRuby 1.x
Environment: Latest JRuby 1.1b1 from trunk
Reporter: Vladimir Sizikov
Attachments: array-fill-exception.patch
{noformat}
a.fill(10, 1, 2**31 - 1)
a.fill(10, 1, 2**31)
a.fill(10, 1, 2**31 + 1)
a.fill(10, 1, 2**32)
{noformat}
Eeach of these statements leads to:
Exception in thread "main" java.lang.NegativeArraySizeException
at org.jruby.RubyArray.realloc(RubyArray.java:309)
at org.jruby.RubyArray.fill(RubyArray.java:1483)
at org.jruby.RubyArrayInvoker$fill_method_0_3.call(Unknown Source)
In the latest MRI 1.8.6 the results are:
ArgumentError: argument too big
RangeError: bignum too big to convert into `long'
RangeError: bignum too big to convert into `long'
RangeError: bignum too big to convert into `long'
This also leads to one rubyspec failure for Array.
The proposed patch (with regression tests) fixes the problem, and the spec
failure.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
