On 9/4/06, Boris Kuznetsov wrote:
Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI.
Hi, Boris. We agreed to be exceptions-compatible with RI so we would have chosen the first option. But I think that the first option is not suitable. I'll try to explain why. I have a look at MessageDigest.java and mentioned JIRAs: so there are 4 cases when parameters are invalid and an implementation has to check if: 1) buf - is null 2) offset < 0 3) len < 0 4) offset + len > buf's len The first option means that we have to remove 2 and 3 checks. And leave 1 and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is only valid if offset and len params are correct. IMO chosing the first option is copying inconsistent behaviour. So I vote for the second option. Thanks, Stepan. Note, specification doesn't describe implementation behavior for
invalid arguments, but RI also throws IllegalArgumentException if ofsset+len > buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? Thanks, Boris ------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
