You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Duncan Jones (JIRA)" <ji...@apache.org> on 2016/12/14 06:34:58 UTC

[jira] [Closed] (LANG-1286) RandomStringUtils random method can overflow and return characters outside of specified range

     [ https://issues.apache.org/jira/browse/LANG-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Duncan Jones closed LANG-1286.
------------------------------
       Resolution: Fixed
         Assignee: Duncan Jones
    Fix Version/s: 3.6

Fixed in commit 7f7fa03ea.

The class needs an overhaul to make better use of the code point methods in {{Character}}. I'll work on that in future commits.

{quote}
Repository: commons-lang
Updated Branches:
 refs/heads/master 35c27d025 -> 7f7fa03ea


Fix for LANG-1286: RandomStringUtils random method can overflow...

Project: http://git-wip-us.apache.org/repos/asf/commons-lang/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-lang/commit/f643b4fa
Tree: http://git-wip-us.apache.org/repos/asf/commons-lang/tree/f643b4fa
Diff: http://git-wip-us.apache.org/repos/asf/commons-lang/diff/f643b4fa
{quote}

> RandomStringUtils random method can overflow and return characters outside of specified range
> ---------------------------------------------------------------------------------------------
>
>                 Key: LANG-1286
>                 URL: https://issues.apache.org/jira/browse/LANG-1286
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.5
>            Reporter: Duncan Jones
>            Assignee: Duncan Jones
>             Fix For: 3.6
>
>
> {{RandomStringUtils.random()}} can overflow and return characters that are outside the range specified by the {{start}} and {{end}} parameters. This is because it casts a random integer in the range {{[start,end)}} to a character, without checking if this will overflow.
> Example failing test case:
> {code}
> @Test
> public void testCharOverflow() throws Exception {
>     int start = 65535;
>     int end = Integer.MAX_VALUE;
>     
>     @SuppressWarnings("serial")
>     Random fixedRandom = new Random() {
>         @Override
>         public int nextInt(int n) {
>             // Prevents selection of 'start' as the character
>             return 1;
>         }
>     };
>     
>     String result = RandomStringUtils.random(1, start, end, false, false, null, fixedRandom);
>     char c = result.charAt(0);
>     assertTrue(c >= start && c < end);
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)