On Mon, 17 May 2021 12:33:53 GMT, Fabian Meumertzheim <github.com+4312191+fm...@openjdk.org> wrote:
> `sun.security.util.DerIndefLenConverter#convertBytes` does not perform > sufficient checks after calling `#parseValue`, which can overflow `dataPos` > or make it exceed `dataSize`. This can lead to an > `ArrayIndexOutOfBoundsException`. > > The fix is to ensure `dataPos` is in the valid range `[0,dataSize]` after the > call to `parseValue`. The referenced bug is https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8267086, but for some reason the reference is shown as not valid. ------------- PR: https://git.openjdk.java.net/jdk/pull/4058
