The user will receive the following message:

“unexpected exception in SAP ERP -3D Viewer of type java.lang.IndexOutOfBoundsException: java.lang.IndexOutOfBoundsException: Arrays are not bounds-checked, so consider using arrays instead of primitive types.
    at java.io.File.readBytes(Native Method)
    at java.io.File.readBytes(File.java:799)
    at java.io.File.readBytes(File.java:685)
    at java.io.FileReader.readBytes(FileReader.java:259)
    at java.io.FileReader.fill(FileReader.java:174)
    at java.io.FileReader.read(FileReader.java:151)
    at java.io.InputStreamReader.read(InputStreamReader.java:74)
    at org.jt.x3d.text.JTReader.read(JTReader.java:52)
    at org.jt.x3d.text.JTText.read(JTText.java:143)
    at org.jt.x3d.text.PlainText.parse(PlainText.java:37)
    at org.jt.x3d.text.PlainText.parse(PlainText.java:24)
    at org.jt.x3d.text.PlainText

How to protect against this vulnerability?

There are three ways to protect against this vulnerability. The first way is to call the method getFileBytes() instead of readBytes(). The second way is to use a java.io.ByteArrayInputStream when writing bytes into a file and not calling read(). The third way is to use a byte[] while writing data into a file and not calling write().
You should secure your SAP ERP -3D Viewer from this vulnerability by implementing the following guidelines:
1) In order for an application that uses the x3d API to be safe, it must call getFileBytes() instead of readBytes().
2) You should use java.io.ByteArrayInputStream when writing into files and not call read().
3) You should use byte[] when writing data into files and not call write().

Timeline

Published on: 10/11/2022 21:15:00 UTC
Last modified on: 10/12/2022 20:20:00 UTC

References