Bug #960 | java.lang.ArrayIndexOutOfBoundsException in single update query | ||
---|---|---|---|
Submitted: | 30 Jul 2003 11:04 | Modified: | 14 Jan 2004 18:57 |
Reporter: | [ name withheld ] | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | Connector / J | Severity: | S2 (Serious) |
Version: | 3.0.8 stable | OS: | Linux (Linux) |
Assigned to: | Mark Matthews | CPU Architecture: | Any |
[30 Jul 2003 11:04]
[ name withheld ]
[2 Aug 2003 8:06]
Mark Matthews
Can you try a nightly snapshot of the 3.0 series? (http://mmmysql.sourceforge.net/snapshots/stable). This bug might have been fixed there. If this does not work, we will need a _repeatable_ testcase, including table schemas, data and Java code that reproduces the problem in order to fix this.
[14 Jan 2004 17:58]
Dave Pullin
Me too! but I found a problem that causes this symptom. I found it in 3.0.9. Method writeString() in com.mysql.jdbc.Buffer appends a null after the writeStringNoNull without checking that there is room for the null. [I got this error in the initial connection because createNewIO does a bad job of calculating the packLength. You only get it when you data is exactly the right length for the buffer overflow to occur exactly on this null byte because all the rest of the Buffer class checks to make sure the buffer is big enough.] // Write null-terminated string final void writeString(String s) throws SQLException { writeStringNoNull(s); ensureCapacity(1); // ADDED to avoid ArrayIndexOutOfBoundsException this.byteBuffer[this.position++] = 0; } I notice now that this bug is fixed in 3.1.0alpha
[14 Jan 2004 18:57]
Mark Matthews
Thank you for your bug report. This issue has already been fixed in the latest released version of that product, which you can download at http://www.mysql.com/downloads/ Additional info: Fixed in release 3.0.10 as well. From the CHANGES file: "- Ensure that Buffer.writeString() saves room for the \0."