1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
# HG changeset patch
# User mullan
# Date 1375219222 14400
# Tue Jul 30 17:20:22 2013 -0400
# Node ID 3e758b40337ef9da5ad030d0ac60ab4407357277
# Parent 5e3c766d18092d498d9019827c1058a32f1c4e2a
8021290: Better signature validation
Reviewed-by: xuelei, ahgross
diff -r 5e3c766d1809 -r 3e758b40337e src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java
--- jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java Fri Oct 15 10:55:59 2010 -0400
+++ jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java Tue Jul 30 17:20:22 2013 -0400
@@ -44,6 +44,9 @@
}
public void write(byte[] arg0) {
+ if ((Integer.MAX_VALUE - pos) < arg0.length) {
+ throw new OutOfMemoryError();
+ }
int newPos = pos + arg0.length;
if (newPos > size) {
expandSize(newPos);
@@ -53,6 +56,9 @@
}
public void write(byte[] arg0, int arg1, int arg2) {
+ if ((Integer.MAX_VALUE - pos) < arg2) {
+ throw new OutOfMemoryError();
+ }
int newPos = pos + arg2;
if (newPos > size) {
expandSize(newPos);
@@ -62,6 +68,9 @@
}
public void write(int arg0) {
+ if ((Integer.MAX_VALUE - pos) == 0) {
+ throw new OutOfMemoryError();
+ }
int newPos = pos + 1;
if (newPos > size) {
expandSize(newPos);
@@ -82,7 +91,11 @@
private void expandSize(int newPos) {
int newSize = size;
while (newPos > newSize) {
- newSize = newSize<<2;
+ newSize = newSize << 1;
+ // Deal with overflow
+ if (newSize < 0) {
+ newSize = Integer.MAX_VALUE;
+ }
}
byte newBuf[] = new byte[newSize];
System.arraycopy(buf, 0, newBuf, 0, pos);
|
