java/5361: gcj bug

Andreas Lenz andreas.lenz@handy-games.com
Fri Jan 11 10:16:00 GMT 2002


>Number:         5361
>Category:       java
>Synopsis:       ArrayIndexOutOfBounds where it should not be
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Fri Jan 11 10:16:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        3.0.3
>Organization:
>Environment:
System: Linux Twisty 2.4.0 #5 Mit Mai 30 16:05:26 CEST 2001 i686 unknown
Architecture: i686

host: i686-pc-linux-gnu
build: i686-pc-linux-gnu
target: i686-pc-linux-gnu
configured with: ./configure 
>Description:

	java code:
	public void function(byte[] dst,...)
	{
		int tmp;
		byte dst_byte;
		
		...
		computing tmp,
		tmp is in range 0x0000 to 0xffff
		...
		
		// here is
		// dst.length = 2
		// dst_byte = 0
		
		dst[dst_byte] |= (tmp>>8);       // (1) works
		dst[++dst_byte] |= (tmp & 0xff); // (2) dst_byte is now 2 !!
	}

	compiled with kaffe javac fails !
	compiled with sun javac works !
	changing (2) to ++dst_byte;dst[dst_byte] |= (tmp & 0xff); works !

	dst_byte changes from 0 to 2
	this also happens, if the array has more elements,
	the last access fails, if dst.length == 5
	dst_byte switches from 4 to 6 !!

	The code is executed in a modified, commercial java2 MicroEdition
	I'm not sure, if the gcj is correct and the bug is in the VM,
	as the bug also occurs with the kaffe compiler

	Well, I think the bug is most likely in the VM,
	but strange nevertheless...

	Best Regards
	  Andi
	
>How-To-Repeat:
	repeats every time
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted:
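
The index moving from 0 to 2 is what evaluating `++dst_byte` twice in statement (2) would produce, whereas the Java Language Specification (15.26.2) requires the index of a compound array assignment to be evaluated exactly once. The self-contained check below is an added example, not code from the report: the double-evaluation expansion is an assumption about the cause, and the class name, method names and the value of `tmp` are hypothetical.

```java
// Added example: checks how a compiler/VM pair evaluates dst[++i] |= v.
public class CompoundIndexCheck {

    // The reporter's two statements, unchanged apart from the variable name.
    // JLS 15.26.2: the array reference and index are each evaluated once.
    static int asWritten(byte[] dst, int tmp) {
        byte dstByte = 0;
        dst[dstByte] |= (tmp >> 8);
        dst[++dstByte] |= (tmp & 0xff);
        return dstByte;                       // must be 1
    }

    // Assumed faulty expansion: the index expression is emitted once for the
    // store and once for the load, so ++dstByte runs twice.
    static int doubleEvaluated(byte[] dst, int tmp) {
        byte dstByte = 0;
        dst[dstByte] |= (tmp >> 8);
        dst[++dstByte] = (byte) (dst[++dstByte] | (tmp & 0xff));
        return dstByte;
    }

    public static void main(String[] args) {
        int tmp = 0xABCD;                     // constructed value in 0x0000..0xffff
        byte[] dst = new byte[2];

        int idx = asWritten(dst, tmp);
        System.out.printf("as written: index=%d dst=[%02x, %02x]%n",
                idx, dst[0] & 0xff, dst[1] & 0xff);
        if (idx != 1 || dst[0] != (byte) 0xAB || dst[1] != (byte) 0xCD) {
            throw new AssertionError("dst[++i] |= v is mis-evaluated by this toolchain");
        }

        try {
            doubleEvaluated(new byte[2], tmp);
            throw new AssertionError("expected an out-of-bounds access");
        } catch (ArrayIndexOutOfBoundsException e) {
            // The second ++ pushes the index to 2 on a 2-element array.
            System.out.println("double evaluation matches the reported symptom: "
                    + e.getMessage());
        }
    }
}
```

Compiling this once with each compiler and running the class files on the same VM separates a compiler fault from a VM fault: a conforming pair prints index=1 and `[ab, cd]` for the first case.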


