RFR: 8282395: URL.openConnection can throw IOOBE [v4]
Daniel Fuchs
dfuchs at openjdk.org
Fri Sep 30 13:44:25 UTC 2022
On Fri, 30 Sep 2022 09:11:30 GMT, KIRIYAMA Takuya <duke at openjdk.org> wrote:
>> I fixed sun.net.www.ParseUtil.decode().
>>
>> ParseUtil.decode() always tries to decode after parsing '%', so if '%' is located at the end of the String, IndexOutOfBoundsException is thrown. Also, if '%' is shown after decodable string and following string is not decodable (e.g: "%25%s%G1"), ParseUtil.decode() throws IllegalArgumentException.
>>
>> But URL standard says below (https://url.spec.whatwg.org/#percent-decode).
>>
>>
>> Otherwise, if byte is 0x25 (%) and the next two bytes after byte in input are not in the ranges
>> 0x30 (0) to 0x39 (9), 0x41 (A) to 0x46 (F), and 0x61 (a) to 0x66 (f), all inclusive, append byte to output.
>>
>>
>> So, there should be used isEscaped() to judge to decode.
>>
>> Would you please review this fix?
>
> KIRIYAMA Takuya has updated the pull request incrementally with one additional commit since the last revision:
>
> 8282395: URL.openConnection can throw IOOBE
Changes requested by dfuchs (Reviewer).
src/java.base/share/classes/sun/net/www/ParseUtil.java line 200:
> 198: int ui = i;
> 199: for (;;) {
> 200: if (n - i >= 2) {
OK - the test should be inverted - sorry for not noticing that earlier. It should be `n - i < 2`. It's causing massive failures in the CI. Can you please run at least the tests under jdk/sun/net and jdk/java/net after making the change?
-------------
PR: https://git.openjdk.org/jdk/pull/8155
More information about the net-dev
mailing list