SynBioDex / libSBOLj

Java Library for Synthetic Biology Open Language (SBOL)
Apache License 2.0

Several potential ArrayIndexOutOfBounds bugs. #603

Closed ITWOI closed 4 years ago

ITWOI commented 4 years ago

Hi all,

Our tool has found several potential ArrayIndexOutOfBounds bugs.

In the following code snippet (beginning at line 577):

    for (int i = 0; i < subElementsFinal.length(); i++) {
        if(range.getStart()+i>elementsArray.length) {
            return null;
        }
        elementsArray[(range.getStart()+i)-1] = subElementsFinal.charAt(i);
    }

The upper bound of (range.getStart()+i)-1 is checked but not the lower bound. In other words, it seems possible that (range.getStart()+i)-1 might be -1 if i is 0 and range.getStart() is 0.

In the main method of OBOParser.java, directly accessing args[0] without checking the length of args may cause ArrayIndexOutOfBounds exceptions.

Thanks
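The two reports above both come down to indexing an array before every bound has been checked. The following is an added example (not libSBOLj code, and not the fix the maintainers applied) showing how the 1-based range write from the snippet can be guarded on both ends, plus the same length-before-index guard for a command-line argument. The method name `writeRange` and the sample sequence are assumptions made for the illustration.

```java
// Added example, not part of libSBOLj: bounds checks for writing a
// sub-element string into a 1-based range of a char array. The hypothetical
// writeRange mirrors the loop in the issue (index start+i-1 for character i)
// and its return-null convention, but checks the lower bound as well.
public class RangeWriteExample {

    /**
     * Copies subElements into a copy of elements starting at the 1-based
     * position start. Returns null when any target index would fall outside
     * the array, without modifying the caller's array.
     */
    static char[] writeRange(char[] elements, int start, String subElements) {
        // Lower bound: a 1-based start below 1 would address index -1 or lower,
        // the case the issue points out for start == 0 and i == 0.
        if (start < 1) {
            return null;
        }
        // Upper bound: the last index written is start + subElements.length() - 2,
        // so start - 1 + subElements.length() must not exceed elements.length.
        if (start - 1 + subElements.length() > elements.length) {
            return null;
        }
        // Both bounds hold for every i, so the loop cannot throw.
        char[] out = elements.clone();
        for (int i = 0; i < subElements.length(); i++) {
            out[(start + i) - 1] = subElements.charAt(i);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample input: a 6-character sequence and a 3-character
        // replacement written at several start positions.
        char[] seq = "acgtac".toCharArray();
        char[] ok = writeRange(seq, 2, "ggg");
        System.out.println(ok == null ? "null" : new String(ok));
        // start 0 would write index -1: rejected by the lower-bound check.
        System.out.println(writeRange(seq, 0, "ggg") == null ? "null" : "unexpected");
        // start 5 would write index 6: rejected by the upper-bound check.
        System.out.println(writeRange(seq, 5, "ggg") == null ? "null" : "unexpected");

        // Same rule for the OBOParser-style args[0] access: test the length
        // before indexing instead of letting the exception surface.
        String input = args.length > 0 ? args[0] : "(no argument given)";
        System.out.println(input);
    }
}
```

Checking both bounds before the loop, rather than inside it, also means a rejected range leaves the array untouched; the loop in the issue returns null only after it has already written the in-range positions.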

cjmyers commented 4 years ago

Thanks. Good catches @ITWOI. May I ask what tool you are using to find these issues?

The first one we actually fixed recently (at least we think we have). Curious if you still see any issues with this function.

For the second one, we don't actually use this main function anymore. It was used for testing. However, I've moved the line into the try/catch, so an error will be thrown on this exception.