Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.4, 2.5
-
OS: Ubuntu 16.04
java version "1.7.0_80"
Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)
Description
BOMInputStream constructor code sorts array of BOMs to distinguish between UTF-32LE and UTF-16LE:
public BOMInputStream(InputStream delegate, boolean include, ByteOrderMark... boms) { super(delegate); if (boms == null || boms.length == 0) { throw new IllegalArgumentException("No BOMs specified"); } this.include = include; // Sort the BOMs to match the longest BOM first because some BOMs have the same starting two bytes. Arrays.sort(boms, ByteOrderMarkLengthComparator); this.boms = Arrays.asList(boms); }
The problem is the array is sorted in-place so that's 1) not expected by the caller 2) makes code not safe, if array is shared between threads and all create BOMInputStreams with single array of BOMs results are unpredictable.
Instead a copy of the input array should be made and then sorted.