Closed Bug 20732 Opened 25 years ago Closed 25 years ago

Part of buffer is incorrectly overwritten (in read(byte[],int,int))

Categories

(Core Graveyard :: Java-Implemented Plugins, defect, P3)

x86
Windows NT

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: lvv, Assigned: blackconnect)

Details

From java2 documentation about read(byte[],int,int) method of the
InputStream:
The first byte read is stored into element b[off], the next one into
      b[off+1], and so on. The number of bytes read is, at most, equal to len.
      Let k be the number of bytes actually read; these bytes will be stored in
      elements b[off] through b[off+k-1], leaving elements b[off+k] through
      b[off+len-1] unaffected.

But currently the elements b[off+k] through b[off+len-1] is also
overwritten by some garbage.


Steps to Reproduce:
1) Use following implementation for your
   PlugletStreamListener.onDataAvailable method:

    public void onDataAvailable(PlugletStreamInfo plugletInfo, InputStream
input, int  length) {
	byte[] buf = new byte[10];
	for (int i = 0; i < 10; i++){
	  buf[i] = 0;
	}
	try{
	    input.read(buf, 2, 6);
	} catch (IOException e) {
	    System.out.println("IOException");
	}
	for (int i = 0; i < 10; i++){
	  System.out.println("buf[" + i + "] is "+ buf[i]);
	}

    }

2) Point some file (with 4 byte length for this example) in SRC
attribute and load the page

Actual Results: Smaple of output.
buf[0] is 0
buf[1] is 0
buf[2] is 108
buf[3] is 97
buf[4] is 13
buf[5] is 10
buf[6] is -51
buf[7] is -51
buf[8] is 0
buf[9] is 0

Expected Results:
In this example the values of buf[6] and buf[7] should be 0.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
The reason of this bug is that we are copying len bytes instead of actual amount
of bytes.

Here is suggetsted fix:
Index: org_mozilla_pluglet_mozilla_PlugletInputStream.cpp
===================================================================
RCS file:
/cvsroot/mozilla/java/plugins/jni/org_mozilla_pluglet_mozilla_PlugletInputStream.cpp,v
retrieving revision 1.7
diff -c -r1.7 org_mozilla_pluglet_mozilla_PlugletInputStream.cpp
*** org_mozilla_pluglet_mozilla_PlugletInputStream.cpp  2000/01/18 02:53:52
1.7
--- org_mozilla_pluglet_mozilla_PlugletInputStream.cpp  2000/01/18 22:40:36
***************
*** 99,105 ****
      PR_LOG(PlugletLog::log, PR_LOG_DEBUG,
            ("PlugletInputStream.nativeRead: %i bytes read\n", retval));

!     env->SetByteArrayRegion(b,off,len,bufElems);
      free(bufElems);
      return retval;
  }
--- 99,105 ----
      PR_LOG(PlugletLog::log, PR_LOG_DEBUG,
            ("PlugletInputStream.nativeRead: %i bytes read\n", retval));

!     env->SetByteArrayRegion(b,off,retval,bufElems);
      free(bufElems);
      return retval;
  }
---
I am closing this bug as fixed.
Verified with Mozilla 0.9.5 (Mozilla/5.0 (Windows; U; WinNT4.0; en-US; 
rv:0.9.5+) Gecko/20011030).
This bug isn't reproduced.
VERIFIED
Status: RESOLVED → VERIFIED
QA Contact: leila.garin → avm
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.