Most of the arguments to the C curve25519* functions are byte arrays of fixed length (32 or 64 bytes). For such arguments, the JNI methods simply retrieve a pointer into the Java byte array and pass it to the C function. In particular, they don't verify that the arrays are long enough.
Instead of getting an exception, misbehaving clients will end up reading or writing out of bounds.
Most of the arguments to the C curve25519* functions are byte arrays of fixed length (32 or 64 bytes). For such arguments, the JNI methods simply retrieve a pointer into the Java byte array and pass it to the C function. In particular, they don't verify that the arrays are long enough.
Instead of getting an exception, misbehaving clients will end up reading or writing out of bounds.
refs:
https://github.com/WhisperSystems/curve25519-java/blob/38620c6245c446f2089316231f6289422711ed1d/android/jni/curve25519-jni.c#L46
https://github.com/WhisperSystems/curve25519-java/blob/38620c6245c446f2089316231f6289422711ed1d/android/jni/curve25519-jni.c#L61-L62
https://github.com/WhisperSystems/curve25519-java/blob/38620c6245c446f2089316231f6289422711ed1d/android/jni/curve25519-jni.c#L78-L79
https://github.com/WhisperSystems/curve25519-java/blob/38620c6245c446f2089316231f6289422711ed1d/android/jni/curve25519-jni.c#L97-L98