Harmony
  1. Harmony
  2. HARMONY-6499

[classlib][luni] URLStreamHandler.parseURL throws different exception to RI in some cases

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.0M15
    • Component/s: Classlib
    • Labels:
      None
    • Patch Info:
      Patch Available
    • Estimated Complexity:
      Novice

      Description

      java.net.URLStreamHandler throws a SecurityException in some situations where the RI will throw a StringIndexOutOfBoundsException. From experimenting with test cases I think the RI is checking bounds as it parses the URL and not up front, which causes some inconsistent behaviour. There's already one work-around added to this method in order to make it more compatible (HARMONY-2941)

      The following all throw SecurityExceptions on Harmony (when called with a handler that is not the URL's protocol handler) where they throw StringIndexOutOfBoundsExceptions on the RI:
      handler.parse(url, "any", 10, Integer.MIN_VALUE);
      handler.parse(url, "any", 10, Integer.MIN_VALUE+1);
      handler.parse(url, "any", Integer.MIN_VALUE, Integer.MIN_VALUE);
      handler.parse(url, "any", Integer.MIN_VALUE, 2);

      1. ASF.LICENSE.NOT.GRANTED--6499.patch
        3 kB
        Catherine Hope
      2. 6499-2.patch
        4 kB
        Catherine Hope

        Activity

        Hide
        Catherine Hope added a comment -

        Verified, thanks

        Show
        Catherine Hope added a comment - Verified, thanks
        Hide
        Hudson added a comment -

        Integrated in Harmony-1.5-head-linux-x86_64 #856 (See http://hudson.zones.apache.org/hudson/job/Harmony-1.5-head-linux-x86_64/856/)
        Apply (slightly reformatted) patch for HARMONY-6499 ([classlib][luni] URLStreamHandler.parseURL throws different exception to RI in some cases)

        Show
        Hudson added a comment - Integrated in Harmony-1.5-head-linux-x86_64 #856 (See http://hudson.zones.apache.org/hudson/job/Harmony-1.5-head-linux-x86_64/856/ ) Apply (slightly reformatted) patch for HARMONY-6499 ( [classlib] [luni] URLStreamHandler.parseURL throws different exception to RI in some cases)
        Hide
        Hudson added a comment -

        Integrated in Harmony-select-1.5-head-linux-x86_64 #35 (See http://hudson.zones.apache.org/hudson/job/Harmony-select-1.5-head-linux-x86_64/35/)
        Apply (slightly reformatted) patch for HARMONY-6499 ([classlib][luni] URLStreamHandler.parseURL throws different exception to RI in some cases)

        Show
        Hudson added a comment - Integrated in Harmony-select-1.5-head-linux-x86_64 #35 (See http://hudson.zones.apache.org/hudson/job/Harmony-select-1.5-head-linux-x86_64/35/ ) Apply (slightly reformatted) patch for HARMONY-6499 ( [classlib] [luni] URLStreamHandler.parseURL throws different exception to RI in some cases)
        Hide
        Tim Ellison added a comment -

        Thanks Cath,

        I applied a slightly reformatted version of the patch to the LUNI module at repo revision r954849.

        I think we are pushing the bounds of RI compatibility here. I applied it since it is a small change to the compatibility changes already in place, but am left wondering how far this might go ;-/

        Please verify it was applied as you expected.

        Show
        Tim Ellison added a comment - Thanks Cath, I applied a slightly reformatted version of the patch to the LUNI module at repo revision r954849. I think we are pushing the bounds of RI compatibility here. I applied it since it is a small change to the compatibility changes already in place, but am left wondering how far this might go ;-/ Please verify it was applied as you expected.
        Hide
        Catherine Hope added a comment -

        Found another corner case for the parseURL method (when end index is less than 0 don't perform bounds checks), so use this patch instead of the earlier one.

        Show
        Catherine Hope added a comment - Found another corner case for the parseURL method (when end index is less than 0 don't perform bounds checks), so use this patch instead of the earlier one.
        Hide
        Catherine Hope added a comment -

        Attached patch changes the parseURL method as follows:

        • if the end index is less than the start index - make additional compatibility checks and throw StringIndexOufOfBoundsException if required, then make security check
        • otherwise call String.substring method and parse the URL

        I've moved the existing compatibility check into the first conditional so it's a bit more efficient, though it is still an ugly workaround. I did try doing the bounds checks as the URL was parsed but it was even harder to match behaviour.

        Show
        Catherine Hope added a comment - Attached patch changes the parseURL method as follows: if the end index is less than the start index - make additional compatibility checks and throw StringIndexOufOfBoundsException if required, then make security check otherwise call String.substring method and parse the URL I've moved the existing compatibility check into the first conditional so it's a bit more efficient, though it is still an ugly workaround. I did try doing the bounds checks as the URL was parsed but it was even harder to match behaviour.

          People

          • Assignee:
            Tim Ellison
            Reporter:
            Catherine Hope
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development