From 073a3d56ea7505126469dd9ed4c20a7a8923690d Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Wed, 17 Feb 2010 08:25:47 -0800
Subject: Add better index checks for AndroidCharacter.mirror

Fix potential invalid array access if start index is before the
beginning of the array or start + count is past the end of the array.
Update Javadoc for mirror to reflect the usage of "start" and "count".

Change-Id: I7e596de8eae5c518a2b4ff0d28604bd9c59f9d9d
---
 core/jni/android_text_AndroidCharacter.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'core/jni')

diff --git a/core/jni/android_text_AndroidCharacter.cpp b/core/jni/android_text_AndroidCharacter.cpp
index 1353478..5d8d419 100644
--- a/core/jni/android_text_AndroidCharacter.cpp
+++ b/core/jni/android_text_AndroidCharacter.cpp
@@ -165,7 +165,8 @@ static jboolean mirror(JNIEnv* env, jobject obj, jcharArray charArray, int start
         goto MIRROR_END;
     }
 
-    if (start > start + count || env->GetArrayLength(charArray) < count) {
+    if (start < 0 || start > start + count
+            || env->GetArrayLength(charArray) < start + count) {
         jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", NULL);
         goto MIRROR_END;
     }
-- 
cgit v1.1