8162723: Array index overflow in Base64 utility class
authormullan
Wed, 12 Oct 2016 09:46:35 -0400
changeset 41480 44588c4e91af
parent 41479 bf50b06f27b5
child 41481 c8cfe3a01e7d
8162723: Array index overflow in Base64 utility class Reviewed-by: ascarpino, jnimeh
jdk/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java
--- a/jdk/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java	Wed Oct 12 14:25:07 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java	Wed Oct 12 09:46:35 2016 -0400
@@ -376,14 +376,14 @@
             return null;
         }
 
-        int lengthDataBits = binaryData.length * EIGHTBIT;
-        if (lengthDataBits == 0) {
+        long lengthDataBits = ((long) binaryData.length) * ((long) EIGHTBIT);
+        if (lengthDataBits == 0L) {
             return "";
         }
 
-        int fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
-        int numberTriplets = lengthDataBits / TWENTYFOURBITGROUP;
-        int numberQuartet = fewerThan24bits != 0 ? numberTriplets + 1 : numberTriplets;
+        long fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
+        int numberTriplets = (int) (lengthDataBits / TWENTYFOURBITGROUP);
+        int numberQuartet = fewerThan24bits != 0L ? numberTriplets + 1 : numberTriplets;
         int quartesPerLine = length / 4;
         int numberLines = (numberQuartet - 1) / quartesPerLine;
         char encodedData[] = null;