You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-dev@jakarta.apache.org by bu...@apache.org on 2005/04/08 22:43:03 UTC

DO NOT REPLY [Bug 34379] New: - URLUtil.URLDecode needs array safety check

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34379>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34379

           Summary: URLUtil.URLDecode needs array safety check
           Product: Slide
           Version: Nightly
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Other
        AssignedTo: slide-dev@jakarta.apache.org
        ReportedBy: JRRousseau@gmail.com


The following code in org.apache.slide.webdav.util.URLUtil.URLDecode() throws an
ArrayIndexOutOfBoundsException if the "%" is the last or second to last byte in
the array.

                b = (byte) ((convertHexDigit(bytes[ix++]) << 4)
                            + convertHexDigit(bytes[ix++]));

The check would be easy here, but the exception handling in code that calls this
code is, um, light. I think the fix would require throwing an
IllegalArgumentException and fixing all the callers to handle it correctly. The
caller that I looked at eats all Exceptions.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org