Using unvalidated input as part of an index into an array can cause the array access to throw an ArrayIndexOutOfBoundsException, because there is no guarantee that the index provided is within the bounds of the array.

This problem occurs when user input is used as an array index, either directly or after one or more calculations. If the user input is unsanitized, it may be any value, which could produce either a negative index or an index equal to or larger than the size of the array; either results in an ArrayIndexOutOfBoundsException.

The index used in the array access should be checked against the bounds of the array before being used: it must not be negative, and it must be strictly smaller than the array length. When the index is derived from the input by a calculation, the check must be applied to the computed index, not to the raw input.

The following program accesses an element from a fixed-size constant array:

The first access of the productDescriptions array uses the user-provided value as the index without performing any checks. If the user provides a negative value, or a value larger than the size of the array, then an ArrayIndexOutOfBoundsException may be thrown.

The second access of the productDescriptions array is contained within a conditional expression that verifies the user-provided value is a valid index into the array. This ensures that the access operation never throws an ArrayIndexOutOfBoundsException.
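As an added illustration (not the page's own example program), the following Java class reconstructs the pattern described above: a fixed-size productDescriptions array, one access that uses the user-provided value without any check, and one access guarded by a bounds check. It also covers the case where the index is derived from the input by a calculation (here a 1-based product number converted to a 0-based index), so the check is applied to the computed index. The class name, method names and sample inputs are assumptions.

```java
public class ProductLookup {

    // Fixed-size constant array, as in the example the page describes.
    private static final String[] productDescriptions = {
        "Widget, 1 kg", "Gadget, 2 kg", "Gizmo, 3 kg"
    };

    // BAD: the parsed user value is used as the index with no check.
    // A negative value, or a value >= productDescriptions.length,
    // throws ArrayIndexOutOfBoundsException.
    public static String describeUnchecked(String userInput) {
        int index = Integer.parseInt(userInput);
        return productDescriptions[index];
    }

    // GOOD: the access is guarded by a bounds check on the computed index,
    // and unparseable input is rejected before it reaches the array.
    // The user supplies a 1-based product number; the subtraction is the
    // "calculation" the page mentions, so the check is on 'index', not on
    // the raw number.
    public static String describeChecked(String userInput) {
        int productNumber;
        try {
            productNumber = Integer.parseInt(userInput.trim());
        } catch (NumberFormatException e) {
            return "Invalid product number";
        }
        int index = productNumber - 1;
        if (index >= 0 && index < productDescriptions.length) {
            return productDescriptions[index];
        }
        return "Unknown product";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid, one negative, one too large,
        // one non-numeric.
        String[] inputs = { "2", "-1", "99", "abc" };

        for (String input : inputs) {
            System.out.println("checked   \"" + input + "\" -> " + describeChecked(input));
            try {
                System.out.println("unchecked \"" + input + "\" -> " + describeUnchecked(input));
            } catch (ArrayIndexOutOfBoundsException | NumberFormatException e) {
                System.out.println("unchecked \"" + input + "\" -> "
                        + e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
    }
}
```

Run with `javac ProductLookup.java && java ProductLookup`. The unchecked method throws for "-1", "99" and "abc", while the checked method returns a description for "2" and a fixed message otherwise; in real code the out-of-range branch would typically log the rejected value rather than silently returning a default.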

  • Java API Specification: ArrayIndexOutOfBoundsException.