On 9/4/06, Boris Kuznetsov <[EMAIL PROTECTED]> wrote:
Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len > buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2.
I like option1. Why not just pass all parameters to provider as RI, and let the provider determine the behaviour? Thoughts?
Thanks, Boris --------------------------------------------------------------------- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Andrew Zhang China Software Development Lab, IBM
