From 21922c1c975bc303de66097913c0b97c115fcca7 Mon Sep 17 00:00:00 2001
From: David Gilbert <dave@jfree.org>
Date: Sun, 23 Jun 2024 15:53:44 +0200
Subject: [PATCH] Changes from https://github.com/jfree/jfreechart/pull/397

---
 .../jfree/chart/plot/compass/CompassPlot.java   |  2 +-
 .../chart/plot/compass/CompassPlotTest.java     | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/jfree/chart/plot/compass/CompassPlot.java b/src/main/java/org/jfree/chart/plot/compass/CompassPlot.java
index d858b91c52..929e966181 100644
--- a/src/main/java/org/jfree/chart/plot/compass/CompassPlot.java
+++ b/src/main/java/org/jfree/chart/plot/compass/CompassPlot.java
@@ -456,7 +456,7 @@ public void setSeriesNeedle(int index, int type) {
      * @param needle  the needle.
      */
     public void setSeriesNeedle(int index, MeterNeedle needle) {
-        if ((needle != null) && (index < this.seriesNeedle.length)) {
+        if ((needle != null) && (index >= 0) && (index < this.seriesNeedle.length)) {
             this.seriesNeedle[index] = needle;
         }
         fireChangeEvent();
diff --git a/src/test/java/org/jfree/chart/plot/compass/CompassPlotTest.java b/src/test/java/org/jfree/chart/plot/compass/CompassPlotTest.java
index b73ea17d2a..bc1cbabfcc 100644
--- a/src/test/java/org/jfree/chart/plot/compass/CompassPlotTest.java
+++ b/src/test/java/org/jfree/chart/plot/compass/CompassPlotTest.java
@@ -50,13 +50,13 @@
 /**
  * Tests for the {@link CompassPlot} class.
  */
-public class CompassPlotTest {
+class CompassPlotTest {
 
     /**
      * Test the equals() method.
      */
     @Test
-    public void testEquals() {
+    void testEquals() {
         CompassPlot plot1 = new CompassPlot();
         CompassPlot plot2 = new CompassPlot();
         assertEquals(plot1, plot2);
@@ -108,7 +108,7 @@ public void testEquals() {
      * Serialize an instance, restore it, and check for equality.
      */
     @Test
-    public void testSerialization() {
+    void testSerialization() {
         CompassPlot p1 = new CompassPlot(null);
         p1.setRosePaint(new GradientPaint(1.0f, 2.0f, Color.RED, 3.0f, 4.0f,
                 Color.BLUE));
@@ -125,7 +125,7 @@ public void testSerialization() {
      * @throws java.lang.CloneNotSupportedException
      */
     @Test
-    public void testCloning() throws CloneNotSupportedException {
+    void testCloning() throws CloneNotSupportedException {
         CompassPlot p1 = new CompassPlot(new DefaultValueDataset(15.0));
         CompassPlot p2 = CloneUtils.clone(p1);
         assertNotSame(p1, p2);
@@ -133,4 +133,13 @@ public void testCloning() throws CloneNotSupportedException {
         assertEquals(p1, p2);
     }
 
+    /**
+     * Test faulty array bounds; CVE-2024-23077.
+     */
+    @Test
+    void testArrayBounds() {
+        CompassPlot p = new CompassPlot(new DefaultValueDataset(0));
+        p.setSeriesNeedle(-1, new PointerNeedle());
+    }
+
 }