Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- None
Description
The encode() method takes in a random String and processes it. In some cases, it can result in an ArrayIndexOutOfBoundsException or StringIndexOutOfBoundsException.
If the preset NameType is SEPHARDIC, it will run the case branch at Line#410. If the provided string only contains the "'" character, the split method call shown below will return an empty array, because String.split("'") is equal to String.split("'", 0) and all trailing empty strings in the result are removed according to the JDK documentation. This empty array makes the next line throw an ArrayIndexOutOfBoundsException.
final String[] parts = aWord.split("'");
words2.add(parts[parts.length - 1]);
A possible fix would be to add a -1 parameter to the split method to ensure the size of the split result is never 0.
Later, at Line#415 and Line#419, the logic removes all words equal to a name prefix of the chosen NameType. If words2 only contains a prefix, the removeAll method call can make words2 empty. Then Line#437 never runs and the StringBuilder object result stays empty. If the result is empty, the substring method throws a StringIndexOutOfBoundsException.
final StringBuilder result = new StringBuilder();
words2.forEach(word -> result.append("-").append(encode(word)));
// return the result without the leading "-"
return result.substring(1);
A possible fix would be to add a check to ensure words2 is not empty before processing it and doing the substring.
We found this bug using fuzzing by way of OSS-Fuzz. It is reported at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64376 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64395.
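A stand-alone reproduction of the two edge cases described in this report, next to guarded variants. This is an added example, not the project's or the reporter's code. The helper names, the sample prefix list, the identity stand-in for encode(word), and the choice to return an empty string when no words remain are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example: hypothetical helpers, constructed inputs.
public class SplitEdgeCases {

    // Form from the report: split("'") drops trailing empty strings, so the
    // input "'" yields a zero-length array and the index becomes -1.
    static String lastPartUnsafe(String word) {
        final String[] parts = word.split("'");
        return parts[parts.length - 1];
    }

    // Guarded form: a negative limit keeps trailing empty strings, so the
    // array always holds at least one element.
    static String lastPart(String word) {
        final String[] parts = word.split("'", -1);
        return parts[parts.length - 1];
    }

    // Guarded join: stop early when removeAll left nothing, instead of
    // calling substring(1) on an empty StringBuilder.
    static String joinEncoded(List<String> words, List<String> prefixes) {
        final List<String> remaining = new ArrayList<>(words);
        remaining.removeAll(prefixes);
        if (remaining.isEmpty()) {
            return ""; // assumption: empty input encodes to an empty string
        }
        final StringBuilder result = new StringBuilder();
        // Identity stands in for encode(word) in this demo.
        remaining.forEach(w -> result.append("-").append(w));
        return result.substring(1); // drop the leading "-"
    }

    public static void main(String[] args) {
        final List<String> prefixes = Arrays.asList("de", "la"); // constructed
        System.out.println("limit 0:  " + "'".split("'").length + " parts");
        System.out.println("limit -1: " + "'".split("'", -1).length + " parts");
        try {
            lastPartUnsafe("'");
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("unsafe split threw " + e.getClass().getSimpleName());
        }
        System.out.println("guarded split: [" + lastPart("'") + "]");
        System.out.println("only a prefix: [" + joinEncoded(Arrays.asList("de"), prefixes) + "]");
        System.out.println("prefix + name: [" + joinEncoded(Arrays.asList("de", "silva"), prefixes) + "]");
    }
}
```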