# HG changeset patch # User naoto # Date 1497545835 25200 # Node ID 3448b80444f30009095440ebc7f539c571fa2b78 # Parent 17b77ca4d419850cba1e0e8398cef5042b3f21ce 8181323: Better timezone processing Reviewed-by: rriggs diff -r 17b77ca4d419 -r 3448b80444f3 src/java.base/share/classes/java/util/SimpleTimeZone.java --- a/src/java.base/share/classes/java/util/SimpleTimeZone.java Thu May 18 08:52:50 2017 +0800 +++ b/src/java.base/share/classes/java/util/SimpleTimeZone.java Thu Jun 15 09:57:15 2017 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,6 +41,7 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.IOException; +import java.io.InvalidObjectException; import sun.util.calendar.CalendarSystem; import sun.util.calendar.CalendarUtils; import sun.util.calendar.BaseCalendar; @@ -1278,6 +1279,9 @@ */ private int serialVersionOnStream = currentSerialVersion; + // Maximum number of rules. + private static final int MAX_RULE_NUM = 6; + private synchronized void invalidateCache() { cacheYear = startYear - 1; cacheStart = cacheEnd = 0; @@ -1569,7 +1573,7 @@ */ private byte[] packRules() { - byte[] rules = new byte[6]; + byte[] rules = new byte[MAX_RULE_NUM]; rules[0] = (byte)startDay; rules[1] = (byte)startDayOfWeek; rules[2] = (byte)endDay; @@ -1594,7 +1598,7 @@ endDayOfWeek = rules[3]; // As of serial version 2, include time modes - if (rules.length >= 6) { + if (rules.length >= MAX_RULE_NUM) { startTimeMode = rules[4]; endTimeMode = rules[5]; } @@ -1691,9 +1695,13 @@ // store the actual rules (which have not be made compatible with 1.1) // in the optional area. Read them in here and parse them. int length = stream.readInt(); - byte[] rules = new byte[length]; - stream.readFully(rules); - unpackRules(rules); + if (length <= MAX_RULE_NUM) { + byte[] rules = new byte[length]; + stream.readFully(rules); + unpackRules(rules); + } else { + throw new InvalidObjectException("Too many rules: " + length); + } } if (serialVersionOnStream >= 2) {