--- a/src/java.base/share/classes/java/util/SimpleTimeZone.java Thu May 18 08:52:50 2017 +0800
+++ b/src/java.base/share/classes/java/util/SimpleTimeZone.java Thu Jun 15 09:57:15 2017 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.IOException;
+import java.io.InvalidObjectException;
import sun.util.calendar.CalendarSystem;
import sun.util.calendar.CalendarUtils;
import sun.util.calendar.BaseCalendar;
@@ -1278,6 +1279,9 @@
*/
private int serialVersionOnStream = currentSerialVersion;
+ // Maximum number of rules.
+ private static final int MAX_RULE_NUM = 6;
+
private synchronized void invalidateCache() {
cacheYear = startYear - 1;
cacheStart = cacheEnd = 0;
@@ -1569,7 +1573,7 @@
*/
private byte[] packRules()
{
- byte[] rules = new byte[6];
+ byte[] rules = new byte[MAX_RULE_NUM];
rules[0] = (byte)startDay;
rules[1] = (byte)startDayOfWeek;
rules[2] = (byte)endDay;
@@ -1594,7 +1598,7 @@
endDayOfWeek = rules[3];
// As of serial version 2, include time modes
- if (rules.length >= 6) {
+ if (rules.length >= MAX_RULE_NUM) {
startTimeMode = rules[4];
endTimeMode = rules[5];
}
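Review bot: The comparison `rules.length >= MAX_RULE_NUM` reuses the maximum-size constant as the "array carries time modes" threshold, which are two different facts that both happen to be 6 today. If a later format adds rule bytes and the maximum is raised, this test would stop reading `rules[4]` and `rules[5]` from six-byte arrays without any compile-time signal. Either keep a separate threshold for this check or document the coupling at the constant, for example `// Length of the packed rule array (4 day fields + 2 time modes); also the largest length accepted from a stream.` The enclosing method starts outside the hunk.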
@@ -1691,9 +1695,13 @@
// store the actual rules (which have not be made compatible with 1.1)
// in the optional area. Read them in here and parse them.
int length = stream.readInt();
- byte[] rules = new byte[length];
- stream.readFully(rules);
- unpackRules(rules);
+ if (length <= MAX_RULE_NUM) {
+ byte[] rules = new byte[length];
+ stream.readFully(rules);
+ unpackRules(rules);
+ } else {
+ throw new InvalidObjectException("Too many rules: " + length);
+ }
}
if (serialVersionOnStream >= 2) {
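Review bot: The added check bounds `length` only from above, so a negative or too-short value read from the stream still reaches `new byte[length]` and `unpackRules(rules)`. A negative length raises NegativeArraySizeException. The previous hunk shows `rules[3]` being read before any length test, so a length below 4 would presumably fail with ArrayIndexOutOfBoundsException instead of the InvalidObjectException a deserialization caller expects. Validating both sides first keeps malformed streams on one well-defined failure path, e.g. `if (length < 4 || length > MAX_RULE_NUM) { throw new InvalidObjectException("Invalid rule array length: " + length); }`. The lower bound of 4 should be confirmed against the full unpacking method, since it and the enclosing deserialization method both start outside the hunks shown.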