diff options
| author | Mihai Preda <preda@google.com> | 2009-05-25 22:00:34 +0200 |
|---|---|---|
| committer | Mihai Preda <preda@google.com> | 2009-05-26 15:29:52 +0200 |
| commit | 9932735d0306721523082f77b0a9ba4aa4db8cdb (patch) | |
| tree | 8088541c6ad2671fa0afd1a0f582630e1c161ecf /icu/src/main/java | |
| parent | 4a18dac1dae17aefb889a458497f3b9a5a6a64ef (diff) | |
| download | libcore-9932735d0306721523082f77b0a9ba4aa4db8cdb.zip libcore-9932735d0306721523082f77b0a9ba4aa4db8cdb.tar.gz libcore-9932735d0306721523082f77b0a9ba4aa4db8cdb.tar.bz2 | |
Bug 1844104: Fix buffer overwrite bugs in CharsetEncoderICU and CharsetDecoderICU.
And add unit test.
Diffstat (limited to 'icu/src/main/java')
| -rw-r--r-- | icu/src/main/java/com/ibm/icu4jni/charset/CharsetDecoderICU.java | 27 | ||||
| -rw-r--r-- | icu/src/main/java/com/ibm/icu4jni/charset/CharsetEncoderICU.java | 32 |
2 files changed, 47 insertions, 12 deletions
diff --git a/icu/src/main/java/com/ibm/icu4jni/charset/CharsetDecoderICU.java b/icu/src/main/java/com/ibm/icu4jni/charset/CharsetDecoderICU.java index 3b9bf86..206f0c8 100644 --- a/icu/src/main/java/com/ibm/icu4jni/charset/CharsetDecoderICU.java +++ b/icu/src/main/java/com/ibm/icu4jni/charset/CharsetDecoderICU.java @@ -49,6 +49,11 @@ public final class CharsetDecoderICU extends CharsetDecoder{ private byte[] input = null; private char[] output= null; + + // BEGIN android-added + private byte[] allocatedInput = null; + private char[] allocatedOutput = null; + // END android-added // These instance variables are // always assigned in the methods @@ -286,9 +291,12 @@ public final class CharsetDecoderICU extends CharsetDecoder{ return out.position(); }else{ outEnd = out.remaining(); - if(output==null || (outEnd > output.length)){ - output = new char[outEnd]; + // BEGIN android-added + if (allocatedOutput == null || (outEnd > allocatedOutput.length)) { + allocatedOutput = new char[outEnd]; } + output = allocatedOutput; + // END android-added //since the new // buffer start position // is 0 @@ -303,9 +311,12 @@ public final class CharsetDecoderICU extends CharsetDecoder{ return in.position()+savedInputHeldLen;/*exclude the number fo bytes held in previous conversion*/ }else{ inEnd = in.remaining(); - if(input==null|| (inEnd > input.length)){ - input = new byte[inEnd]; + // BEGIN android-added + if (allocatedInput == null || (inEnd > allocatedInput.length)) { + allocatedInput = new byte[inEnd]; } + input = allocatedInput; + // END android-added // save the current position int pos = in.position(); in.get(input,0,inEnd); @@ -324,6 +335,10 @@ public final class CharsetDecoderICU extends CharsetDecoder{ }else{ out.put(output,0,data[OUTPUT_OFFSET]); } + // BEGIN android-added + // release reference to output array, which may not be ours + output = null; + // END android-added } private final void setPosition(ByteBuffer in){ @@ -338,5 +353,9 @@ public final class CharsetDecoderICU extends CharsetDecoder{ savedInputHeldLen = data[INPUT_HELD]; in.position(in.position() - savedInputHeldLen); } + // BEGIN android-added + // release reference to input array, which may not be ours + input = null; + // END android-added } } diff --git a/icu/src/main/java/com/ibm/icu4jni/charset/CharsetEncoderICU.java b/icu/src/main/java/com/ibm/icu4jni/charset/CharsetEncoderICU.java index 51d67ac..ec169f4 100644 --- a/icu/src/main/java/com/ibm/icu4jni/charset/CharsetEncoderICU.java +++ b/icu/src/main/java/com/ibm/icu4jni/charset/CharsetEncoderICU.java @@ -46,6 +46,11 @@ public final class CharsetEncoderICU extends CharsetEncoder { private char[] input = null; private byte[] output = null; + // BEGIN android-added + private char[] allocatedInput = null; + private byte[] allocatedOutput = null; + // END android-added + // These instance variables are // always assigned in the methods // before being used. This class @@ -197,10 +202,6 @@ public final class CharsetEncoderICU extends CharsetEncoder { data[INVALID_CHARS] = 0; data[INPUT_HELD] = 0; savedInputHeldLen = 0; - // BEGIN android-added - output = null; - input = null; - // END android-added } /** @@ -332,9 +333,12 @@ public final class CharsetEncoderICU extends CharsetEncoder { return out.position(); }else{ outEnd = out.remaining(); - if(output==null || (outEnd > output.length)){ - output = new byte[outEnd]; + // BEGIN android-added + if (allocatedOutput == null || (outEnd > allocatedOutput.length)) { + allocatedOutput = new byte[outEnd]; } + output = allocatedOutput; + // END android-added //since the new // buffer start position // is 0 @@ -349,9 +353,12 @@ public final class CharsetEncoderICU extends CharsetEncoder { return in.position()+savedInputHeldLen;/*exclude the number fo bytes held in previous conversion*/ }else{ inEnd = in.remaining(); - if(input==null|| (inEnd > input.length)){ - input = new char[inEnd]; + // BEGIN android-added + if (allocatedInput == null || (inEnd > allocatedInput.length)) { + allocatedInput = new char[inEnd]; } + input = allocatedInput; + // END android-added // save the current position int pos = in.position(); in.get(input,0,inEnd); @@ -375,6 +382,10 @@ public final class CharsetEncoderICU extends CharsetEncoder { } else { out.put(output, 0, data[OUTPUT_OFFSET]); } + // BEGIN android-added + // release reference to output array, which may not be ours + output = null; + // END android-added } private final void setPosition(CharBuffer in){ @@ -408,5 +419,10 @@ public final class CharsetEncoderICU extends CharsetEncoder { in.position(in.position() - savedInputHeldLen); } // END android-added + + // BEGIN android-added + // release reference to input array, which may not be ours + input = null; + // END android-added } } |