8320570: NegativeArraySizeException decoding >1G UTF8 bytes with non-ascii characters

Reviewed-by: rriggs
This commit is contained in:
Jim Laskey 2023-12-06 21:55:05 +00:00
parent 781775d73b
commit 82796bdebb
2 changed files with 82 additions and 7 deletions

View File

@ -592,7 +592,7 @@ public final class String
this.coder = LATIN1; this.coder = LATIN1;
return; return;
} }
byte[] utf16 = new byte[length << 1]; byte[] utf16 = StringUTF16.newBytesFor(length);
StringLatin1.inflate(latin1, 0, utf16, 0, dp); StringLatin1.inflate(latin1, 0, utf16, 0, dp);
dp = decodeUTF8_UTF16(latin1, sp, length, utf16, dp, true); dp = decodeUTF8_UTF16(latin1, sp, length, utf16, dp, true);
if (dp != length) { if (dp != length) {
@ -601,7 +601,7 @@ public final class String
this.value = utf16; this.value = utf16;
this.coder = UTF16; this.coder = UTF16;
} else { // !COMPACT_STRINGS } else { // !COMPACT_STRINGS
byte[] dst = new byte[length << 1]; byte[] dst = StringUTF16.newBytesFor(length);
int dp = decodeUTF8_UTF16(bytes, offset, offset + length, dst, 0, true); int dp = decodeUTF8_UTF16(bytes, offset, offset + length, dst, 0, true);
if (dp != length) { if (dp != length) {
dst = Arrays.copyOf(dst, dp << 1); dst = Arrays.copyOf(dst, dp << 1);
@ -622,7 +622,7 @@ public final class String
this.value = Arrays.copyOfRange(bytes, offset, offset + length); this.value = Arrays.copyOfRange(bytes, offset, offset + length);
this.coder = LATIN1; this.coder = LATIN1;
} else { } else {
byte[] dst = new byte[length << 1]; byte[] dst = StringUTF16.newBytesFor(length);
int dp = 0; int dp = 0;
while (dp < length) { while (dp < length) {
int b = bytes[offset++]; int b = bytes[offset++];
@ -763,15 +763,15 @@ public final class String
return new String(dst, LATIN1); return new String(dst, LATIN1);
} }
if (dp == 0) { if (dp == 0) {
dst = new byte[length << 1]; dst = StringUTF16.newBytesFor(length);
} else { } else {
byte[] buf = new byte[length << 1]; byte[] buf = StringUTF16.newBytesFor(length);
StringLatin1.inflate(dst, 0, buf, 0, dp); StringLatin1.inflate(dst, 0, buf, 0, dp);
dst = buf; dst = buf;
} }
dp = decodeUTF8_UTF16(bytes, offset, sl, dst, dp, false); dp = decodeUTF8_UTF16(bytes, offset, sl, dst, dp, false);
} else { // !COMPACT_STRINGS } else { // !COMPACT_STRINGS
dst = new byte[length << 1]; dst = StringUTF16.newBytesFor(length);
dp = decodeUTF8_UTF16(bytes, offset, offset + length, dst, 0, false); dp = decodeUTF8_UTF16(bytes, offset, offset + length, dst, 0, false);
} }
if (dp != length) { if (dp != length) {
@ -1316,7 +1316,7 @@ public final class String
} }
int dp = 0; int dp = 0;
byte[] dst = new byte[val.length << 1]; byte[] dst = StringUTF16.newBytesFor(val.length);
for (byte c : val) { for (byte c : val) {
if (c < 0) { if (c < 0) {
dst[dp++] = (byte) (0xc0 | ((c & 0xff) >> 6)); dst[dp++] = (byte) (0xc0 | ((c & 0xff) >> 6));

View File

@ -0,0 +1,75 @@
/*
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.IOException;
import java.nio.charset.StandardCharsets;
/*
* @test
* @bug 8077559
* @summary Tests Compact String for negative size.
* @requires vm.bits == 64 & os.maxMemory >= 4G
* @run main/othervm -XX:+CompactStrings -Xmx4g NegativeSize
* @run main/othervm -XX:-CompactStrings -Xmx4g NegativeSize
*/
// In Java8: java.lang.OutOfMemoryError: Java heap space
// In Java9+: was java.lang.NegativeArraySizeException: -1894967266
public class NegativeSize {
static byte[] generateData() {
int asciisize = 1_200_000_000;
byte[] nonAscii = "非アスキー".getBytes();
int nonAsciiSize = nonAscii.length;
// 1 GB
byte[] arr = new byte[asciisize + nonAsciiSize];
for (int i=0; i<asciisize; ++i) {
arr[i] = (byte)('0' + (i % 40));
}
for(int i=0; i<nonAsciiSize; ++i) {
arr[i + asciisize] = nonAscii[i];
}
return arr;
}
public static void main(String[] args) throws IOException {
try {
byte[] largeBytes = generateData();
String inStr = new String(largeBytes, StandardCharsets.UTF_8);
System.out.println(inStr.length());
System.out.println(inStr.substring(1_200_000_000));
} catch (OutOfMemoryError ex) {
if (ex.getMessage().startsWith("UTF16 String size is")) {
System.out.println("Succeeded with OutOfMemoryError");
} else {
throw new RuntimeException("Failed: Not the OutOfMemoryError expected", ex);
}
} catch (NegativeArraySizeException ex) {
throw new RuntimeException("Failed: Expected OutOfMemoryError", ex);
}
}
}