Critical Description
I discovered a case which can trigger a StringIndexOutOfBoundsException in CommandLineParser.parse().
The following code-snippet reproduces it:
CommandLineParser parser = new DefaultParser();
Options options = new Options();
parser.parse(options, new String[] {"-=-"});
When run against current commons-cli 1.5.0 as well as on latest git, it causes the following stacktrace:
Exception in thread "main" java.lang.StringIndexOutOfBoundsException: begin 0, end 1, length 0 at java.base/java.lang.String.checkBoundsBeginEnd(String.java:3319) at java.base/java.lang.String.substring(String.java:1874) at org.apache.commons.cli.DefaultParser.isJavaProperty(DefaultParser.java:583) at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:511) at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:542) at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:712) at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:679) at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:660) at org.dstadler.cli.fuzz.Crash_4543e54e8e6239dec6cc2eea74b83d5de693ec71.main(Crash_4543e54e8e6239dec6cc2eea74b83d5de693ec71.java:13)
According to the JavaDoc, all failures to parse the arguments should lead to a ParseException, but it seems this case is not handled currently.
