Bug #960 java.lang.ArrayIndexOutOfBoundsException in single update query
Submitted: 30 Jul 2003 11:04 Modified: 14 Jan 2004 18:57
Reporter: [ name withheld ]
Status: Closed
Category: Connector / J Severity: S2 (Serious)
Version: 3.0.8 stable OS: Linux (Linux)
Assigned to: Mark Matthews CPU Architecture: Any

[30 Jul 2003 11:04] [ name withheld ]
Description:
I got this exception:

java.sql.SQLException: Error during query: Unexpected Exception: java.lang.ArrayIndexOutOfBoundsException message given: 2

Nested Stack Trace:

java.lang.ArrayIndexOutOfBoundsException: 2
        at com.mysql.jdbc.Buffer.readLong(Buffer.java:370)
        at com.mysql.jdbc.Buffer.readFieldLength(Buffer.java:315)
        at com.mysql.jdbc.Buffer.fastSkipLenString(Buffer.java:103)
        at com.mysql.jdbc.MysqlIO.unpackField(MysqlIO.java:1185)
        at com.mysql.jdbc.MysqlIO.getResultSet(MysqlIO.java:259)
        at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1001)
        at com.mysql.jdbc.MysqlIO.sqlQuery(MysqlIO.java:928)
        at com.mysql.jdbc.Connection.execSQL(Connection.java:1871)
        at com.mysql.jdbc.Connection.execSQL(Connection.java:1805)
        at com.mysql.jdbc.Statement.executeUpdate(Statement.java:1231)
        at ATb.PersistentBddCx.simpleUpdateQuery(PersistentBddCx.java:142)
        at ATb.PersistentBddCx.simpleUpdateQuery(PersistentBddCx.java:115)


The query I send is "update perso set pa=pa+1 where ( pa < 100 )"
This query should have modified about 10 rows but it did not.

How to repeat:
Unfortunately, no idea about how to repeat it, but it happens quite often in my software.
[2 Aug 2003 8:06] Mark Matthews
Can you try a nightly snapshot of the 3.0 series? (http://mmmysql.sourceforge.net/snapshots/stable). This bug might have been fixed there.

If this does not work, we will need a _repeatable_ testcase, including table schemas, data and Java code that reproduces the problem in order to fix this.
[14 Jan 2004 17:58] Dave Pullin
Me too! But I found a problem that causes this symptom.
I found it in 3.0.9.

Method writeString() in com.mysql.jdbc.Buffer appends a null after the
writeStringNoNull without checking that there is room for the null. 
[I got this error in the initial connection because createNewIO does a bad job of calculating the packLength. You only get it when your data is exactly the right length for the buffer overflow to occur exactly on this null byte, because all the rest of the Buffer class checks to make sure the buffer is big enough.]

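    // Write null-terminated string
    final void writeString(String s) throws SQLException {
        writeStringNoNull(s); // string bytes; this call checks capacity itself
        ensureCapacity(1); // ADDED to avoid ArrayIndexOutOfBoundsException
        this.byteBuffer[this.position++] = 0; // trailing null terminator
    }
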
I notice now that this bug is fixed in 3.1.0alpha
[14 Jan 2004 18:57] Mark Matthews
Thank you for your bug report. This issue has already been fixed
in the latest released version of that product, which you can download at 

Additional info:

Fixed in release 3.0.10 as well.

From the CHANGES file:

"- Ensure that Buffer.writeString() saves room for the \0."
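
The boundary condition discussed in this thread, as an added illustration (not Connector/J source and not code posted by any commenter). MiniBuffer is a hypothetical, simplified stand-in for a growable buffer whose string write is capacity-checked but whose trailing null is not; the 8-byte size and the payloads are constructed. Only the payload that exactly fills the buffer fails in the unchecked variant.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical stand-in for a growable packet buffer (assumption, not the driver's class).
public class WriteStringDemo {
    static class MiniBuffer {
        byte[] byteBuffer;
        int position = 0;
        MiniBuffer(int size) { byteBuffer = new byte[size]; }

        // Grow the backing array if fewer than `extra` bytes remain.
        void ensureCapacity(int extra) {
            if (position + extra > byteBuffer.length) {
                int newSize = Math.max(byteBuffer.length * 2, position + extra);
                byteBuffer = Arrays.copyOf(byteBuffer, newSize);
            }
        }

        // Capacity-checked write of the string bytes, without a terminator.
        void writeStringNoNull(String s) {
            byte[] b = s.getBytes(StandardCharsets.US_ASCII);
            ensureCapacity(b.length);
            System.arraycopy(b, 0, byteBuffer, position, b.length);
            position += b.length;
        }

        // Pattern described in the report: the terminator is written unchecked.
        void writeStringUnchecked(String s) {
            writeStringNoNull(s);
            byteBuffer[position++] = 0;
        }

        // Corrected pattern: reserve one byte for the terminator before writing it.
        void writeStringChecked(String s) {
            writeStringNoNull(s);
            ensureCapacity(1);
            byteBuffer[position++] = 0;
        }
    }

    public static void main(String[] args) {
        // Constructed input: payload lengths 6..9 against a fresh 8-byte buffer each time.
        for (int len = 6; len <= 9; len++) {
            String s = "abcdefghi".substring(0, len);
            String unchecked = "ok";
            try { new MiniBuffer(8).writeStringUnchecked(s); }
            catch (ArrayIndexOutOfBoundsException e) { unchecked = "ArrayIndexOutOfBoundsException"; }
            MiniBuffer fixed = new MiniBuffer(8);
            fixed.writeStringChecked(s);
            System.out.println("len=" + len + " unchecked=" + unchecked + " checked=ok, position=" + fixed.position);
        }
    }
}
```

Lengths 6 and 7 leave room for the terminator, and length 9 forces a grow inside the checked string write, so only length 8 reaches the unchecked index; this is why the failure depends on the data being exactly the right length.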