Description
Problem:
There is a Bug in the UuidUtil class, which causes an ArrayIndexOutOfBoundsException, when the MAC address is longer than 6 bytes.
Here's the code:
private static final int NODE_SIZE = 8;
byte[] mac = NetUtils.getMacAddress(); final Random randomGenerator = new SecureRandom(); if (mac == null || mac.length == 0) { mac = new byte[6]; randomGenerator.nextBytes(mac); } final int length = mac.length >= 6 ? 6 : mac.length; final int index = mac.length >= 6 ? mac.length - 6 : 0; final byte[] node = new byte[NODE_SIZE]; node[0] = VARIANT; node[1] = 0; for (int i = 2; i < NODE_SIZE; ++i) { node[i] = 0; } System.arraycopy(mac, index, node, index + 2, length);
The problem is the System.arraycopy call, when the MAC address is longer than 6 bytes.
Here's a table, with the different cases:
mac.length | length | index | System.arraycopy |
---|---|---|---|
0 | 0 | 0 | System.arraycopy(mac, 0, node, 2, 0); |
1 | 1 | 0 | System.arraycopy(mac, 0, node, 2, 1); |
2 | 2 | 0 | System.arraycopy(mac, 0, node, 2, 2); |
3 | 3 | 0 | System.arraycopy(mac, 0, node, 2, 3); |
4 | 4 | 0 | System.arraycopy(mac, 0, node, 2, 4); |
5 | 5 | 0 | System.arraycopy(mac, 0, node, 2, 5); |
6 | 6 | 0 | System.arraycopy(mac, 0, node, 2, 6); |
7 | 6 | 1 | System.arraycopy(mac, 1, node, 3, 6); |
8 | 6 | 2 | System.arraycopy(mac, 2, node, 4, 6); |
mac.length from 0 to 6 work fine.
But for mac.length 7, 8 and above the System.arraycopy call will throw an ArrayIndexOutOfBoundsException, because it tries to write to positions on node array, which do not exist.
For example for mac.length 8, the call would try to write to positions 8 and 9 on node, which do not exists, since node is 8 bytes.
Here's the Stacktrace we encountered:
java.lang.ExceptionInInitializerError at org.apache.logging.log4j.core.util.WatchManager.<init>(WatchManager.java:53) at org.apache.logging.log4j.core.config.AbstractConfiguration.<init>(AbstractConfiguration.java:135) at org.apache.logging.log4j.core.config.NullConfiguration.<init>(NullConfiguration.java:32) at org.apache.logging.log4j.core.LoggerContext.<clinit>(LoggerContext.java:85) at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:179) at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.locateContext(ClassLoaderContextSelector.java:153) at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:82) at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:170) at org.apache.logging.log4j.core.config.Configurator.initialize(Configurator.java:86) at org.apache.logging.log4j.core.config.Configurator.initialize(Configurator.java:67) [...] Caused by: java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at org.apache.logging.log4j.core.util.UuidUtil.<clinit>(UuidUtil.java:81) ... 13 more
Solution:
The code can be fixed by always using 2 for destPos:
System.arraycopy(mac, index, node, 2, length);
Attachments
Issue Links
- Blocked
-
LOG4J2-2980 CLONE - ArrayIndexOutOfBoundsException in the initialization of UuidUtil
- Closed
- is duplicated by
-
LOG4J2-2980 CLONE - ArrayIndexOutOfBoundsException in the initialization of UuidUtil
- Closed
- is related to
-
LOG4J2-2711 UuidUtil array index out of bounds exception
- Open
- links to