RFR: 8282395: URL.openConnection can throw IOOBE [v2]
Daniel Fuchs
dfuchs at openjdk.java.net
Wed Jun 15 10:33:49 UTC 2022
On Wed, 15 Jun 2022 10:13:21 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> KIRIYAMA Takuya has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>>
>> - #8282395 URL.openConnection can throw IOOBE
>> - Merge branch 'master' into 8282395
>> - 8282395: URL.openConnection can throw IOOBE
>
> src/java.base/share/classes/sun/net/www/ParseUtil.java line 204:
>
>> 202: bb.put(unescape(s, i));
>> 203: } catch (NumberFormatException | IndexOutOfBoundsException e) {
>> 204: throw new IllegalArgumentException("Malformed escape pair: " + s);
>
> I would suggest turning the assert at line 200 into a proper bound check and throw IllegalArgumentException if `n - i >= 2`
I meant if `n - i` is **not** `>= 2` of course.
-------------
PR: https://git.openjdk.org/jdk/pull/8155
More information about the net-dev
mailing list