[CODEC-314] PercentCodec.insertAlwaysEncodeChars throws IndexOutOfBoundException - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.16.1
Labels:
- IndexOutOfBoundException

External issue URL:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64362
External issue ID:
64362
Language:
- java

Description

The insertAlwaysEncodeChars() method takes in a random byte array (through the constructor of PercentCodec class) and processes it byte by byte. Each byte is passed to insertAlwaysEncodeChar() to set the corresponding bit in the BitSet object alwaysEncodeChars to true by calling the set() method of the BitSet object. As BitSet only accept positive index, if any byte is negative, it will cause IndexOutOfBoundsException when calling the set() method.

Possible fix could add a conditional check to ensure only valid bytes (positive or zero) are processed.

We found this bug using fuzzing by way of OSS-Fuzz. It is reported at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64362.

Attachments

Issue Links

links to

GitHub Pull Request #222

Activity

People

Assignee:: Unassigned

Reporter:: Sheung Chi Chan

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Nov/23 16:44

Updated:: 04/Dec/23 23:31

Resolved:: 03/Dec/23 20:18