CVE-2024-23077.

jfree · Apr 17, 2024 · 6e7f7d2 · 6e7f7d2
1 parent b9a36f2
commit 6e7f7d2
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/src/main/java/org/jfree/chart/plot/CompassPlot.java b/src/main/java/org/jfree/chart/plot/CompassPlot.java
@@ -464,7 +464,7 @@ public void setSeriesNeedle(int index, int type) {
      * @param needle  the needle.
      */
     public void setSeriesNeedle(int index, MeterNeedle needle) {
-        if ((needle != null) && (index < this.seriesNeedle.length)) {
+        if ((needle != null) && (index >= 0) && (index < this.seriesNeedle.length)) {
             this.seriesNeedle[index] = needle;
         }
         fireChangeEvent();

diff --git a/src/test/java/org/jfree/chart/plot/CompassPlotTest.java b/src/test/java/org/jfree/chart/plot/CompassPlotTest.java
@@ -41,7 +41,7 @@
 import java.awt.GradientPaint;
 
 import org.jfree.chart.TestUtils;
-
+import org.jfree.chart.needle.PointerNeedle;
 import org.jfree.data.general.DefaultValueDataset;
 import org.junit.jupiter.api.Test;
 
@@ -132,4 +132,13 @@ public void testCloning() throws CloneNotSupportedException {
         assertEquals(p1, p2);
     }
 
+    /**
+     * Test faulty array bounds; CVE-2024-23077.
+     */
+    @Test
+    public void testArrayBounds() {
+        CompassPlot p = new CompassPlot(new DefaultValueDataset(0));
+        p.setSeriesNeedle(-1, new PointerNeedle());
+    }
+
 }