[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1322) MutlipartRequest parser occasionally throws ArrayIndexOutOfBoundsException
ROB b (JIRA)
jira-events at lists.jboss.org
Sun May 13 19:45:02 EDT 2007
MutlipartRequest parser occasionally throws ArrayIndexOutOfBoundsException
--------------------------------------------------------------------------
Key: JBSEAM-1322
URL: http://jira.jboss.com/jira/browse/JBSEAM-1322
Project: JBoss Seam
Issue Type: Bug
Components: Core
Affects Versions: 1.2.1.GA, 1.2.0.GA
Environment: Windows Vista, Java 1.6u1, JBoss Seam 1.2.1, JBoss AS 4.0.5.GA
Reporter: ROB b
During an upload, the MultipartRequest checkSequence function does not to proper boundary checking on function parameters. It will occasionally (rarely actually) throw an ArrayIndexOutOfBoundsException at the high end due to the +1 offset when accessing the data array.
I'm not actually sure why this +1 is there and was wondering if somehow it was a mistake. This class is a little hard to follow, so I'm not sure how everything works, but the function description seems to indicate that it is checking for the end of a byte array at a specific location which is 0-indexed, but the +1 would seem to indicate otherwise.
The following exception gets thrown:
java.lang.ArrayIndexOutOfBoundsException: 2048
at org.jboss.seam.web.MultipartRequest.checkSequence(MultipartRequest.java:466)
at org.jboss.seam.web.MultipartRequest.parseRequest(MultipartRequest.java:333)
at org.jboss.seam.web.MultipartRequest.getParam(MultipartRequest.java:507)
at org.jboss.seam.web.MultipartRequest.getParameter(MultipartRequest.java:558)
at org.apache.myfaces.context.servlet.RequestParameterMap.getAttribute(RequestParameterMap.java:39)
at org.apache.myfaces.context.servlet.AbstractAttributeMap.get(AbstractAttributeMap.java:87)
at com.sun.facelets.tag.ui.UIDebug.debugRequest(UIDebug.java:119)
at com.sun.facelets.FaceletViewHandler.restoreView(FaceletViewHandler.java:305)
at org.ajax4jsf.framework.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:116)
at org.ajax4jsf.framework.ajax.AjaxViewHandler.restoreView(AjaxViewHandler.java:147)
at org.apache.myfaces.lifecycle.LifecycleImpl.restoreView(LifecycleImpl.java:141)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:66)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:63)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:60)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:74)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:96)
at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:220)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Unknown Source)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list