RFR 8216407 : java.util.UUID.fromString accepts input that does not match expected format

Ivan Gerasimov ivan.gerasimov at oracle.com
Wed Jan 9 23:23:48 UTC 2019


String representation of UUID should conform to RFC4122 
<https://tools.ietf.org/html/rfc4122>, i.e. each its part has to be of 
the fixed size.

Unfortunately, the UUID.fromString() method does not keep up to this 
- First, it permits the leading zeroes of any part to be omitted;
- Second, it permits some of the UUID parts to be larger then allowed.  
In such a case, the value is effectively clipped with & 0x..FFFF.
While some existing application may depend on the former case -- i.e. be 
able to parse UUID with stripped leading zeroes, the later case is 
likely to be an error.

In the past, the check on the input has already been strengthened with 
JDK-8006627 <https://bugs.openjdk.java.net/browse/JDK-8006627>.

I propose we go further and make UUID.fromString() to reject such string 
representations that contain too large individual parts.

If people agree on the proposal, I'll file CSR to fix the change of 

BUGURL: https://bugs.openjdk.java.net/browse/JDK-8216407
WEBREV: http://cr.openjdk.java.net/~igerasim/8216407/00/webrev/

Thanks in advance!

With kind regards,
Ivan Gerasimov

More information about the core-libs-dev mailing list