On 08/02/16 21:54, Aleksey Shipilev wrote:
> ...
> Still, the corrupted stream may call readUTFBody(1L +
> Integer.MAX_VALUE), that yields initial capacity of -2147483648, which
> in turn fails StringBuilder(...) with NegativeArraySizeException. But I
> wonder if that is actually a valid UTF8 input, because you cannot have
> that large of a String...
Right. To retain existing behavior (negative sizes => empty string)
then we can just short-circuit this.
diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java
b/src/java.base/share/classes/java/io/ObjectInputStream.java
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
@@ -3144,7 +3144,12 @@
* utflen bytes.
*/
private String readUTFBody(long utflen) throws IOException {
- StringBuilder sbuf = new StringBuilder();
+ if (utflen < 0)
+ return "";
+
+ // a reasonable initial capacity based on the UTF length
+ int initialCapacity = Math.min((int)utflen, 16384);
+ StringBuilder sbuf = new StringBuilder(initialCapacity);
if (!blkmode) {
end = pos = 0;
}
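Review bot: The `utflen < 0` guard does not cover the case raised earlier in the thread, because on the `initialCapacity` line the narrowing cast is applied before the clamp. For `utflen = 1L + Integer.MAX_VALUE` the long value is positive, so the early return is skipped, `(int)utflen` wraps to -2147483648, and `Math.min(-2147483648, 16384)` hands that negative value to `new StringBuilder(...)`, which throws NegativeArraySizeException. Clamp in long arithmetic and cast the result instead: `int initialCapacity = (int)Math.min(utflen, 16384);`. A short comment on the early return stating that it preserves the previous empty-string result for negative lengths would also help the next reader.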
-Chris.