8162723: Array index overflow in Base64 utility class
Reviewed-by: ascarpino, jnimeh
--- a/jdk/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java Wed Oct 12 14:25:07 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java Wed Oct 12 09:46:35 2016 -0400
@@ -376,14 +376,14 @@
return null;
}
- int lengthDataBits = binaryData.length * EIGHTBIT;
- if (lengthDataBits == 0) {
+ long lengthDataBits = ((long) binaryData.length) * ((long) EIGHTBIT);
+ if (lengthDataBits == 0L) {
return "";
}
- int fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
- int numberTriplets = lengthDataBits / TWENTYFOURBITGROUP;
- int numberQuartet = fewerThan24bits != 0 ? numberTriplets + 1 : numberTriplets;
+ long fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
+ int numberTriplets = (int) (lengthDataBits / TWENTYFOURBITGROUP);
+ int numberQuartet = fewerThan24bits != 0L ? numberTriplets + 1 : numberTriplets;
int quartesPerLine = length / 4;
int numberLines = (numberQuartet - 1) / quartesPerLine;
char encodedData[] = null;