diff options
author | dugenkui <dugenkui@meituan.com> | 2020-04-29 02:41:02 +0800 |
---|---|---|
committer | Jens Geyer <jensg@apache.org> | 2020-06-28 16:55:16 +0200 |
commit | 0dd1363931ac1f9a531b48ded7f1178194fa4ef6 (patch) | |
tree | 50bb2f7982572fba20d249ef8f5679035372f4ec /lib/java | |
parent | 86cc6f095c5943cb382e5ef0e5cf889c6e09bd86 (diff) | |
download | thrift-0dd1363931ac1f9a531b48ded7f1178194fa4ef6.tar.gz |
THRIFT-5190: StringUtils haven't take `(offset + length) > bytes.length` into account
Client: java
Patch: dugenkui <dugenkui@meituan.com>
This closes #2125
Diffstat (limited to 'lib/java')
-rw-r--r-- | lib/java/src/org/apache/thrift/utils/StringUtils.java | 3 | ||||
-rw-r--r-- | lib/java/test/org/apache/thrift/utils/TestStringUtils.java | 25 |
2 files changed, 28 insertions, 0 deletions
diff --git a/lib/java/src/org/apache/thrift/utils/StringUtils.java b/lib/java/src/org/apache/thrift/utils/StringUtils.java index 15183a36a..9b9671b69 100644 --- a/lib/java/src/org/apache/thrift/utils/StringUtils.java +++ b/lib/java/src/org/apache/thrift/utils/StringUtils.java @@ -55,6 +55,9 @@ public final class StringUtils { if (offset < 0) { throw new IndexOutOfBoundsException("Negative start offset " + offset); } + if (length > bytes.length - offset) { + throw new IndexOutOfBoundsException("Invalid range, bytes.length: " + bytes.length + " offset: " + offset + " length: " + length); + } char[] chars = new char[length * 2]; for (int i = 0; i < length; i++) { int unsignedInt = bytes[i + offset] & 0xFF; diff --git a/lib/java/test/org/apache/thrift/utils/TestStringUtils.java b/lib/java/test/org/apache/thrift/utils/TestStringUtils.java index 3a8cf39ee..3224e77b3 100644 --- a/lib/java/test/org/apache/thrift/utils/TestStringUtils.java +++ b/lib/java/test/org/apache/thrift/utils/TestStringUtils.java @@ -20,6 +20,7 @@ package org.apache.thrift.utils; import org.junit.Assert; +import org.junit.Before; import org.junit.Test; public class TestStringUtils { @@ -31,4 +32,28 @@ public class TestStringUtils { Assert.assertEquals("EFAB92", StringUtils.bytesToHexString(bytes, 2, 3)); Assert.assertNull(StringUtils.bytesToHexString(null)); } + + + private byte[] bytes; + + @Before + public void setUp() throws Exception { + bytes = new byte[]{1, 2, 3, 4, 5}; + } + + @Test(expected = IllegalArgumentException.class) + public void testNegativeLength() { + StringUtils.bytesToHexString(bytes, 0, -1); + } + + @Test(expected = IndexOutOfBoundsException.class) + public void testNegativeStartOffset() { + StringUtils.bytesToHexString(bytes, -1, 1); + } + + @Test(expected = IndexOutOfBoundsException.class) + public void testInvalidRange() { + StringUtils.bytesToHexString(bytes, 5, 1); + } + } |