[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-1322) MultipartRequest parser occasionally throws ArrayIndexOutOfBoundsException

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Wed May 16 03:29:02 EDT 2007


     [ http://jira.jboss.com/jira/browse/JBSEAM-1322?page=all ]

Shane Bryzak closed JBSEAM-1322.
--------------------------------

    Resolution: Done

The i + 1 here is correct:

      for (int i = 0; i < seq.length; i++)
      {
         if (data[(pos - seq.length) + i + 1] != seq[i])
            return false;
      }

However, the test that occurs at the start of the method isn't - it should have checked that pos >= data.length, as follows:

      if (pos - seq.length < 0 || pos >= data.length)
         return false;

What it *was* doing was checking that pos > data.length, which explains why the ArrayIndexOutOfBoundsException was happening occasionally.

Thanks for bringing this to my attention.

> MultipartRequest parser occasionally throws ArrayIndexOutOfBoundsException
> --------------------------------------------------------------------------
>
>                 Key: JBSEAM-1322
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1322
>             Project: JBoss Seam
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.2.1.GA, 1.2.0.GA
>         Environment: Windows Vista, Java 1.6u1, JBoss Seam 1.2.1, JBoss AS 4.0.5.GA
>            Reporter: ROB b
>         Assigned To: Shane Bryzak
>
> During an upload, the MultipartRequest checkSequence function does not do proper boundary checking on function parameters. It will occasionally (rarely actually) throw an ArrayIndexOutOfBoundsException at the high end due to the +1 offset when accessing the data array.
> I'm not actually sure why this +1 is there and was wondering if somehow it was a mistake. This class is a little hard to follow, so I'm not sure how everything works, but the function description seems to indicate that it is checking for the end of a byte array at a specific location which is 0-indexed, but the +1 would seem to indicate otherwise.
> The following exception gets thrown:
> java.lang.ArrayIndexOutOfBoundsException: 2048
> 	at org.jboss.seam.web.MultipartRequest.checkSequence(MultipartRequest.java:466)
> 	at org.jboss.seam.web.MultipartRequest.parseRequest(MultipartRequest.java:333)
> 	at org.jboss.seam.web.MultipartRequest.getParam(MultipartRequest.java:507)
> 	at org.jboss.seam.web.MultipartRequest.getParameter(MultipartRequest.java:558)
> 	at org.apache.myfaces.context.servlet.RequestParameterMap.getAttribute(RequestParameterMap.java:39)
> 	at org.apache.myfaces.context.servlet.AbstractAttributeMap.get(AbstractAttributeMap.java:87)
> 	at com.sun.facelets.tag.ui.UIDebug.debugRequest(UIDebug.java:119)
> 	at com.sun.facelets.FaceletViewHandler.restoreView(FaceletViewHandler.java:305)
> 	at org.ajax4jsf.framework.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:116)
> 	at org.ajax4jsf.framework.ajax.AjaxViewHandler.restoreView(AjaxViewHandler.java:147)
> 	at org.apache.myfaces.lifecycle.LifecycleImpl.restoreView(LifecycleImpl.java:141)
> 	at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:66)
> 	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 	at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:63)
> 	at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
> 	at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
> 	at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:60)
> 	at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
> 	at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
> 	at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
> 	at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:74)
> 	at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
> 	at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 	at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:96)
> 	at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:220)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
> 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
> 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> 	at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> 	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> 	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
> 	at java.lang.Thread.run(Unknown Source)

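
The boundary condition discussed in this message, as an added example that is not part of the original message and not Seam's source: checkSequence is reconstructed from the two snippets above, and its signature, the fixedGuard switch, the class name and the buffer contents are assumptions made for illustration. It sweeps pos across both ends of a constructed 2048-byte buffer and records which values throw under the old guard (pos > data.length) and under the corrected one (pos >= data.length).

```java
import java.util.ArrayList;
import java.util.List;

public class CheckSequenceBoundary {
    // Reconstructed from the snippets in the message; the signature is an assumption.
    // fixedGuard=false applies the old test (pos > data.length),
    // fixedGuard=true applies the corrected test (pos >= data.length).
    static boolean checkSequence(byte[] data, int pos, byte[] seq, boolean fixedGuard) {
        boolean tooHigh = fixedGuard ? pos >= data.length : pos > data.length;
        if (pos - seq.length < 0 || tooHigh)
            return false;
        for (int i = 0; i < seq.length; i++) {
            // Highest index read is (pos - seq.length) + (seq.length - 1) + 1 == pos,
            // so pos itself must be a valid index into data.
            if (data[(pos - seq.length) + i + 1] != seq[i])
                return false;
        }
        return true;
    }

    // Try every pos from -1 to data.length + 1 and collect the ones that throw.
    static List<Integer> throwingPositions(byte[] data, byte[] seq, boolean fixedGuard) {
        List<Integer> bad = new ArrayList<>();
        for (int pos = -1; pos <= data.length + 1; pos++) {
            try {
                checkSequence(data, pos, seq, fixedGuard);
            } catch (ArrayIndexOutOfBoundsException e) {
                bad.add(pos);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        byte[] data = new byte[2048];   // constructed buffer, same size as the index in the trace
        byte[] seq = {'\r', '\n'};      // constructed two-byte sequence to search for
        data[100] = '\r';
        data[101] = '\n';               // a complete match ending at index 101
        data[2047] = '\r';              // buffer ends with the first byte of seq

        System.out.println("old guard throws at pos:   " + throwingPositions(data, seq, false));
        System.out.println("fixed guard throws at pos: " + throwingPositions(data, seq, true));
        System.out.println("match ending at 101:       " + checkSequence(data, 101, seq, true));
    }
}
```

Under the old guard the loop only reaches data[data.length] when the bytes at the end of the buffer already match every byte of seq except the last; otherwise an earlier comparison returns false first, which is consistent with the report that the exception is rare.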