From: Christian Thalinger Date: Fri, 13 Jun 2008 21:02:18 +0000 (+0200) Subject: Fixes PR80. X-Git-Url: http://wien.tomnetworks.com/gitweb/?p=cacao.git;a=commitdiff_plain;h=b1e40170fdc87a9767ab1984ff7eec6a581b4ead Fixes PR80. * src/vm/builtin.c (builtin_arraycopy): Fixed range checks, cast to unsigned values. * tests/regression/bugzilla/All.java (suite): Added PR80. * tests/regression/bugzilla/PR80.java: New file. --- diff --git a/src/vm/builtin.c b/src/vm/builtin.c index 86ba2e546..85c56f568 100644 --- a/src/vm/builtin.c +++ b/src/vm/builtin.c @@ -2123,15 +2123,24 @@ void builtin_arraycopy(java_handle_t *src, s4 srcStart, return; } - /* we try to throw exception with the same message as SUN does */ + // Check if offsets and length are positive. + if ((srcStart < 0) || (destStart < 0) || (len < 0)) { + exceptions_throw_arrayindexoutofboundsexception(); + return; + } - if ((len < 0) || (srcStart < 0) || (destStart < 0) || - (srcStart + len < 0) || (srcStart + len > LLNI_array_size(src)) || - (destStart + len < 0) || (destStart + len > LLNI_array_size(dest))) { + // Check if ranges are valid. + if ((((uint32_t) srcStart + (uint32_t) len) > (uint32_t) LLNI_array_size(src)) || + (((uint32_t) destStart + (uint32_t) len) > (uint32_t) LLNI_array_size(dest))) { exceptions_throw_arrayindexoutofboundsexception(); return; } + // Special case. + if (len == 0) { + return; + } + if (sdesc->componentvftbl == ddesc->componentvftbl) { /* We copy primitive values or references of exactly the same type */ diff --git a/tests/regression/bugzilla/All.java b/tests/regression/bugzilla/All.java index e5fcac12f..bdf089878 100644 --- a/tests/regression/bugzilla/All.java +++ b/tests/regression/bugzilla/All.java @@ -48,6 +48,7 @@ public class All extends TestCase { suite.addTest(new TestSuite(PR57.class)); suite.addTest(new TestSuite(PR58.class)); suite.addTest(new TestSuite(PR65.class)); + suite.addTest(new TestSuite(PR80.class)); return suite; } diff --git a/tests/regression/bugzilla/PR80.java b/tests/regression/bugzilla/PR80.java new file mode 100644 index 000000000..5e6e401cb --- /dev/null +++ b/tests/regression/bugzilla/PR80.java @@ -0,0 +1,48 @@ +/* tests/regression/bugzilla/PR80.java + + Copyright (C) 2008 + CACAOVM - Verein zur Foerderung der freien virtuellen Maschine CACAO + + This file is part of CACAO. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2, or (at + your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301, USA. + +*/ + + +import junit.framework.*; +import junit.textui.*; + +public class PR80 extends TestCase { + public static void main(String[] args) { + TestRunner.run(suite()); + } + + public static Test suite() { + return new TestSuite(PR80.class); + } + + public void test() { + try { + // Taken from Mauve gnu.testlet.java.lang.System.arraycopy + int[] a = new int[5]; + int[] b = new int[5]; + System.arraycopy(a, 4, b, 4, Integer.MAX_VALUE); + fail("Should throw ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException success) { + } + } +}