db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4088) DDMReader readBytes ArrayIndexOutOfBoundsException
Date Tue, 10 Mar 2009 13:34:50 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680461#action_12680461
] 

Knut Anders Hatlen commented on DERBY-4088:
-------------------------------------------

Thanks for the bug report. If possible, could you also provide step-by-step description of
how to reproduce the bug? The stack trace of the ArrayIndexOutOfBoundsException would also
be helpful.

I haven't been able to reproduce the bug myself, so I can't say if the patch is correct. My
understanding of that code is that the check against MAX_DSS_LENGTH is used to determine the
format of the byte string, which should not be affected by the current position in the read
buffer. It is the call to ensureBLayerDataInBuffer() that is supposed to ensure that the read
buffer is large enough and prevent that the AIOOBE is thrown. So my initial reaction is that
the bug is probably somewhere else.

> DDMReader readBytes ArrayIndexOutOfBoundsException
> --------------------------------------------------
>
>                 Key: DERBY-4088
>                 URL: https://issues.apache.org/jira/browse/DERBY-4088
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions: 10.4.2.0
>         Environment: CentOS 5, java 1.6.0_11
>            Reporter: Urban Widmark
>         Attachments: derby-ddm.patch
>
>
> DDMReader.readBytes(int length) checks the length vs DssConstants.MAX_DSS_LENGTH, but
ignores the fact that the buffer position "pos" might not be 0. If pos is non-zero then the
pos + length can be larger than the size of "buffer" causing an ArrayIndexOutOfBoundsException.
> For me this happened when sending a BLOB that was 32766 bytes long. The value of pos
was 2 in that method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message