RFR: 8367049: URLPermission.<init> throws StringIndexOutOfBoundsException in avm mode [v2]
Daniel Fuchs
dfuchs at openjdk.org
Wed Nov 5 10:34:07 UTC 2025
On Tue, 4 Nov 2025 17:37:24 GMT, Oumaiyma Intissar <duke at openjdk.org> wrote:
>> Constructing URLPermission with an empty/missing host in the authority (e.g., `"http:///path"`) could throw `StringIndexOutOfBoundsException`.
>>
>> **Problem**
>> Empty or malformed authorities reach HostPortrange, which does `charAt(0)` without checking, causing `StringIndexOutOfBoundsException`.
>>
>> **Fix**
>> - `URLPermission.Authority`: after stripping userinfo, fail fast if host part is empty.
>> - `HostPortrange`: add guards for null/empty input and leading ':' (port without host).
>> - No `HttpURLConnection` changes needed in JDK 26 (the `SecurityManager` permission path is gone).
>>
>> **Compatibility**
>> Only affects malformed inputs: previously `StringIndexOutOfBoundsException`, now `IllegalArgumentException`. Valid inputs unaffected.
>>
>> **Testing**
>> New jtreg test: `test/jdk/java/net/URLPermission/EmptyAuthorityTest.java` verifies `IllegalArgumentException` for malformed authorities and success for valid ones.
>
> Oumaiyma Intissar has updated the pull request incrementally with one additional commit since the last revision:
>
> Fix missing newline at end of EmptyAuthorityTest.java
>
> Add missing newline at the end of the file.
src/java.base/share/classes/java/net/HostPortrange.java line 71:
> 69: if (host.charAt(0) == ':') {
> 70: throw new IllegalArgumentException("missing host in authority: " + host);
> 71: }
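Review bot: the `host.charAt(0)` test on line 69 assumes `host` is non-empty. The quoted lines do not show the null/empty guard that the description lists for `HostPortrange`, so that guard has to run before this check; otherwise an empty `host` would still reach `charAt(0)` and raise the same `StringIndexOutOfBoundsException` the change sets out to remove.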
Throwing if the host part is not present is a different fix - and a change of behavior.
It seems it has always been possible to construct a URLPermission of the form:
`new URLPermission("http://:999/foo");`
I am not sure what that would be useful for - but I'd suggest we track that with another issue if you want to pursue it.
I'd suggest reverting lines 68-71.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27896#discussion_r2493875961
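A small probe for the behaviour discussed in this thread, added here as an example (not code from the pull request or the JDK): it reports how the running JDK's `URLPermission` constructor treats the two URL strings quoted above, and shows a caller-side wrapper that rejects on either exception type. The class name `UrlPermissionProbe`, its methods and the `example.com` input are hypothetical.

```java
import java.net.URLPermission;
import java.util.List;

public class UrlPermissionProbe {

    /** How the URLPermission constructor responded to one URL string. */
    enum Outcome { ACCEPTED, ILLEGAL_ARGUMENT, INDEX_OUT_OF_BOUNDS, OTHER_RUNTIME }

    /** Classifies the constructor's behaviour on the running JDK. */
    static Outcome probe(String url) {
        try {
            new URLPermission(url);
            return Outcome.ACCEPTED;
        } catch (IllegalArgumentException e) {
            return Outcome.ILLEGAL_ARGUMENT;      // documented rejection path
        } catch (StringIndexOutOfBoundsException e) {
            return Outcome.INDEX_OUT_OF_BOUNDS;   // the failure reported in 8367049
        } catch (RuntimeException e) {
            return Outcome.OTHER_RUNTIME;         // e.g. NullPointerException for null input
        }
    }

    /**
     * Wrapper for code that builds permissions from untrusted strings:
     * any runtime exception counts as a rejection, so the caller behaves
     * the same whichever exception type the JDK in use throws.
     */
    static URLPermission parseOrNull(String url) {
        try {
            return new URLPermission(url);
        } catch (RuntimeException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        List<String> inputs = List.of(
            "http:///path",             // empty authority, from the PR description
            "http://:999/foo",          // port without host, from the review comment
            "http://example.com/path"   // constructed well-formed input
        );
        for (String url : inputs) {
            System.out.printf("%-26s probe=%-20s wrapper=%s%n", url, probe(url),
                parseOrNull(url) == null ? "rejected" : "accepted");
        }
    }
}
```

Running it on builds with and without the change makes any difference in exception type, or in acceptance of the port-only form, visible per input.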