Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
Description
The encode(String) method takes in a random String and checks if it is empty. It will go through a few rounds of processing if the given String is not empty. It does contain a check to ensure the String is not empty before processing. But it has some missing checks. Each of the 3 processing methods cleanName(name) / removeVowels(name) / removeDoubleConsonants(name) remove some characters from the String and could cause the string to become empty (length = 0). And that results in StringIndexOutOfBoundException when substring() method is called in the next processing method. For example, if the randomly provided string is .., it gets past the first checking in the encode method and enters the cleanName(name) method. The cleanName(name) method removes the two dots and returns an empty string. Without the additional checking, it causes the StringIndexOutOfBoundException in the substring() method call in the next removeVowels(name) method call cause the length of the string is 0.
Possible fix could add some conditional checking to ensure the string is not empty after each method call. If it is empty after any method call, it will simply return EMPTY and avoid continuing processing onto the next processing method.
We found this bug using fuzzing by way of OSS-Fuzz. It is reported at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64359.
Attachments
Issue Links
- links to