RFR: 8282395: URL.openConnection can throw IOOBE [v2]
KIRIYAMA Takuya
duke at openjdk.java.net
Tue Jun 7 07:00:17 UTC 2022
> I fixed sun.net.www.ParseUtil.decode().
>
> ParseUtil.decode() always tries to decode after parsing '%', so if '%' is located at the end of the String, IndexOutOfBoundsException is thrown. Also, if '%' is shown after decodable string and following string is not decodable (e.g: "%25%s%G1"), ParseUtil.decode() throws IllegalArgumentException.
>
> But URL standard says below (https://url.spec.whatwg.org/#percent-decode).
>
>
> Otherwise, if byte is 0x25 (%) and the next two bytes after byte in input are not in the ranges
> 0x30 (0) to 0x39 (9), 0x41 (A) to 0x46 (F), and 0x61 (a) to 0x66 (f), all inclusive, append byte to output.
>
>
> So, there should be used isEscaped() to judge to decode.
>
> Would you please review this fix?
KIRIYAMA Takuya has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
- #8282395 URL.openConnection can throw IOOBE
- Merge branch 'master' into 8282395
- 8282395: URL.openConnection can throw IOOBE
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/8155/files
- new: https://git.openjdk.java.net/jdk/pull/8155/files/dd9d0423..28849591
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8155&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8155&range=00-01
Stats: 495165 lines in 6162 files changed: 332406 ins; 99088 del; 63671 mod
Patch: https://git.openjdk.java.net/jdk/pull/8155.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/8155/head:pull/8155
PR: https://git.openjdk.java.net/jdk/pull/8155
More information about the net-dev
mailing list