On 9/4/06, Boris Kuznetsov <[EMAIL PROTECTED]> wrote:
Usually Harmony behavior is compared with RI behavior. But in security
area RI behavior depends on provider. With different providers RI
behave differently.
For example, RI passes incorrect method arguments to provider. In such
cases provider may throw exception (e.g. DigestException or
IllegalArgumentException) or some RuntimeException (e.g.
ArrayIndexOutOfBoundsException) may be thrown during the execution.
Here is example.
There are number of methods with arguments like (byte[] buf, int
offset, int len). RI doesn't check if offset and len are negative but
Harmony does, so we have difference in behavior (see Harmony-1120,
1148): on combination RI + provider application gets provider specific
exception, but on Harmony + provider - IllegalArgumentException (as in
other invalid parameters cases).
So we have two options:
1. Fix Harmony (remove negative parameters checks)
2. Don't fix. Throw IllegalArgumentException for invalid parameters.
Document as non-bug difference from RI.
Note, specification doesn't describe implementation behavior for
invalid arguments, but RI also throws IllegalArgumentException if
ofsset+len > buf.length. So throwing of IllegalArgumentException in
Harmony can't break any application.
I suggest option 2.
Thoughts?
According to our "Compatibility guidelines"[1], I suggest we follow RI
for this issue, because the spec does not describe the behavior
clearly and it seems that RI's behavior is not so illogical ;-)
[1] http://incubator.apache.org/harmony/subcomponents/classlibrary/compat.html
Best regards,
Richard
Thanks,
Boris
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Richard Liang
China Software Development Lab, IBM
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
