RFR 8216407 : java.util.UUID.fromString accepts input that does not match expected format
Ivan Gerasimov
ivan.gerasimov at oracle.com
Wed Jan 9 23:23:48 UTC 2019
Hello!
String representation of UUID should conform to RFC4122
<https://tools.ietf.org/html/rfc4122>, i.e. each its part has to be of
the fixed size.
Unfortunately, the UUID.fromString() method does not keep up to this
requirement:
- First, it permits the leading zeroes of any part to be omitted;
- Second, it permits some of the UUID parts to be larger then allowed.
In such a case, the value is effectively clipped with & 0x..FFFF.
While some existing application may depend on the former case -- i.e. be
able to parse UUID with stripped leading zeroes, the later case is
likely to be an error.
In the past, the check on the input has already been strengthened with
JDK-8006627 <https://bugs.openjdk.java.net/browse/JDK-8006627>.
I propose we go further and make UUID.fromString() to reject such string
representations that contain too large individual parts.
If people agree on the proposal, I'll file CSR to fix the change of
behavior.
BUGURL: https://bugs.openjdk.java.net/browse/JDK-8216407
WEBREV: http://cr.openjdk.java.net/~igerasim/8216407/00/webrev/
Thanks in advance!
--
With kind regards,
Ivan Gerasimov
More information about the core-libs-dev
mailing list