From 0871979b298add320ca63f65060acb7532c8a0dd Mon Sep 17 00:00:00 2001
From: Pietro Oliva <pietro.oliva@r3.com>
Date: Tue, 27 Oct 2020 05:13:59 -0400
Subject: [PATCH] Fix integer overflow leading to out-of-bounds read/write

---
 classpath/java/io/FileOutputStream.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classpath/java/io/FileOutputStream.java b/classpath/java/io/FileOutputStream.java
index 8732004e7..f5518d797 100644
--- a/classpath/java/io/FileOutputStream.java
+++ b/classpath/java/io/FileOutputStream.java
@@ -52,7 +52,7 @@ public void write(byte[] b, int offset, int length) throws IOException {
       throw new NullPointerException();
     }
 
-    if (offset < 0 || offset + length > b.length) {
+    if (offset < 0 || length < 0 || length > b.length || offset > b.length - length) {
       throw new ArrayIndexOutOfBoundsException();
     }