You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@thrift.apache.org by je...@apache.org on 2020/06/28 14:56:11 UTC

[thrift] branch master updated: THRIFT-5190: StringUtils haven't take `(offset + length) > bytes.length` into account Client: java Patch: dugenkui 

This is an automated email from the ASF dual-hosted git repository.

jensg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/thrift.git


The following commit(s) were added to refs/heads/master by this push:
     new 0dd1363  THRIFT-5190: StringUtils haven't take `(offset + length) > bytes.length` into account Client: java Patch: dugenkui <du...@meituan.com>
0dd1363 is described below

commit 0dd1363931ac1f9a531b48ded7f1178194fa4ef6
Author: dugenkui <du...@meituan.com>
AuthorDate: Wed Apr 29 02:41:02 2020 +0800

    THRIFT-5190: StringUtils haven't take `(offset + length) > bytes.length` into account
    Client: java
    Patch: dugenkui <du...@meituan.com>
    
    This closes #2125
---
 .../src/org/apache/thrift/utils/StringUtils.java   |  3 +++
 .../org/apache/thrift/utils/TestStringUtils.java   | 25 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/lib/java/src/org/apache/thrift/utils/StringUtils.java b/lib/java/src/org/apache/thrift/utils/StringUtils.java
index 15183a3..9b9671b 100644
--- a/lib/java/src/org/apache/thrift/utils/StringUtils.java
+++ b/lib/java/src/org/apache/thrift/utils/StringUtils.java
@@ -55,6 +55,9 @@ public final class StringUtils {
     if (offset < 0) {
       throw new IndexOutOfBoundsException("Negative start offset " + offset);
     }
+    if (length > bytes.length - offset) {
+      throw new IndexOutOfBoundsException("Invalid range, bytes.length: " + bytes.length + " offset: " + offset + " length: " + length);
+    }
     char[] chars = new char[length * 2];
     for (int i = 0; i < length; i++) {
       int unsignedInt = bytes[i + offset] & 0xFF;
diff --git a/lib/java/test/org/apache/thrift/utils/TestStringUtils.java b/lib/java/test/org/apache/thrift/utils/TestStringUtils.java
index 3a8cf39..3224e77 100644
--- a/lib/java/test/org/apache/thrift/utils/TestStringUtils.java
+++ b/lib/java/test/org/apache/thrift/utils/TestStringUtils.java
@@ -20,6 +20,7 @@
 package org.apache.thrift.utils;
 
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Test;
 
 public class TestStringUtils {
@@ -31,4 +32,28 @@ public class TestStringUtils {
     Assert.assertEquals("EFAB92", StringUtils.bytesToHexString(bytes, 2, 3));
     Assert.assertNull(StringUtils.bytesToHexString(null));
   }
+
+
+  private byte[] bytes;
+
+  @Before
+  public void setUp() throws Exception {
+    bytes = new byte[]{1, 2, 3, 4, 5};
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testNegativeLength() {
+    StringUtils.bytesToHexString(bytes, 0, -1);
+  }
+
+  @Test(expected = IndexOutOfBoundsException.class)
+  public void testNegativeStartOffset() {
+    StringUtils.bytesToHexString(bytes, -1, 1);
+  }
+
+  @Test(expected = IndexOutOfBoundsException.class)
+  public void testInvalidRange() {
+    StringUtils.bytesToHexString(bytes, 5, 1);
+  }
+
 }