From 6e7f7d2269499a8369d68d70cc227209d5bbef69 Mon Sep 17 00:00:00 2001
From: trashgod
Date: Wed, 17 Apr 2024 19:40:40 -0400
Subject: [PATCH] CVE-2024-23077.
---
 src/main/java/org/jfree/chart/plot/CompassPlot.java | 2 +-
 .../java/org/jfree/chart/plot/CompassPlotTest.java | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/jfree/chart/plot/CompassPlot.java b/src/main/java/org/jfree/chart/plot/CompassPlot.java
index a4d993ea1..c1a7ab067 100644
--- a/src/main/java/org/jfree/chart/plot/CompassPlot.java
+++ b/src/main/java/org/jfree/chart/plot/CompassPlot.java
@@ -464,7 +464,7 @@ public void setSeriesNeedle(int index, int type) {
 * @param needle the needle.
 */
 public void setSeriesNeedle(int index, MeterNeedle needle) {
- if ((needle != null) && (index < this.seriesNeedle.length)) {
+ if ((needle != null) && (index >= 0) && (index < this.seriesNeedle.length)) {
 this.seriesNeedle[index] = needle;
 }
 fireChangeEvent();
diff --git a/src/test/java/org/jfree/chart/plot/CompassPlotTest.java b/src/test/java/org/jfree/chart/plot/CompassPlotTest.java
index f56872f64..6653b7d5c 100644
--- a/src/test/java/org/jfree/chart/plot/CompassPlotTest.java
+++ b/src/test/java/org/jfree/chart/plot/CompassPlotTest.java
@@ -41,7 +41,7 @@ import java.awt.GradientPaint;
 import org.jfree.chart.TestUtils;
-
+import org.jfree.chart.needle.PointerNeedle;
 import org.jfree.data.general.DefaultValueDataset;
 import org.junit.jupiter.api.Test;
@@ -132,4 +132,13 @@ public void testCloning() throws CloneNotSupportedException {
 assertEquals(p1, p2);
 }
+ /**
+ * Test faulty array bounds; CVE-2024-23077.
+ */
+ @Test
+ public void testArrayBounds() {
+ CompassPlot p = new CompassPlot(new DefaultValueDataset(0));
+ p.setSeriesNeedle(-1, new PointerNeedle());
+ }
+
 }
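Review bot: An out-of-range `index` or a null `needle` is still dropped silently in `setSeriesNeedle(int, MeterNeedle)`, and `fireChangeEvent()` runs even when nothing was stored, so a caller that passes a bad index gets a change notification and no signal that the call had no effect. The Javadoc for the method (it begins above this hunk, and the method body closes below it) should state that contract, for example `@param index  the needle index; values outside 0..seriesNeedle.length-1 are ignored.` If existing callers can tolerate it, throwing `IllegalArgumentException` for an invalid index would surface the mistake at the call site, but that is a behaviour change and belongs in a separate, announced commit. The overload `setSeriesNeedle(int index, int type)` named in the hunk header is not visible here; it is worth confirming that it either delegates to this method or applies the same lower-bound check.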
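Review bot: `testArrayBounds` contains no assertion and exercises only the lower bound, so it documents the CVE but would not catch a regression of the existing upper-bound half of the guard. Making the expectation explicit with `assertDoesNotThrow(() -> p.setSeriesNeedle(-1, new PointerNeedle()));` (this needs the matching static import from `org.junit.jupiter.api.Assertions`) states what the test is checking. A second call with an index at or beyond the array length, such as `p.setSeriesNeedle(Integer.MAX_VALUE, new PointerNeedle());`, would cover the other boundary. The Javadoc could also say in one line that a negative index previously caused an out-of-bounds array write attempt, so the reason for the test survives without looking up the CVE id.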