Description
RandomStringUtils.random() can overflow and return characters that are outside the range specified by the start and end parameters. This is because it casts a random integer in the range [start, end) to a char without checking whether that integer fits in a char (values above 65535 wrap around).
Example failing test case:
import java.util.Random;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Test;
import static org.junit.Assert.assertTrue;

@Test
public void testCharOverflow() throws Exception {
    int start = 65535;
    int end = Integer.MAX_VALUE;

    @SuppressWarnings("serial")
    Random fixedRandom = new Random() {
        @Override
        public int nextInt(int n) {
            // Prevents selection of 'start' as the character: always picks start + 1 (65536)
            return 1;
        }
    };

    String result = RandomStringUtils.random(1, start, end, false, false, null, fixedRandom);
    char c = result.charAt(0);
    // Fails: (char) 65536 wraps to 0, which is below start
    assertTrue(c >= start && c < end);
}
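To make the narrowing cast concrete, the following is an added illustration, not code from this report or from Commons Lang: pickNarrowingCast reproduces the int-to-char cast the description refers to, and pickCodePoint is a hypothetical alternative that keeps the full code point (emitting a surrogate pair above 0xFFFF) so the result stays inside [start, end). Both method names, the class name and the 0x110000 upper bound are this example's own choices.

```java
import java.util.Random;

public class CharOverflowDemo {

    /** Hypothetical helper mirroring the problem: the chosen int is narrowed to a char. */
    static String pickNarrowingCast(int start, int end, Random random) {
        int gap = end - start;
        int value = random.nextInt(gap) + start;  // may exceed Character.MAX_VALUE (65535)
        char ch = (char) value;                   // silently wraps, e.g. 65536 becomes 0
        return String.valueOf(ch);
    }

    /** Hypothetical alternative: treat the range as Unicode code points, not chars. */
    static String pickCodePoint(int start, int end, Random random) {
        // A code point range must stay within [0, Character.MAX_CODE_POINT]
        if (start < 0 || end <= start || end > Character.MAX_CODE_POINT + 1) {
            throw new IllegalArgumentException("invalid code point range");
        }
        int gap = end - start;
        int codePoint = random.nextInt(gap) + start;
        StringBuilder sb = new StringBuilder();
        sb.appendCodePoint(codePoint);            // supplementary values become surrogate pairs
        return sb.toString();
    }

    public static void main(String[] args) {
        // Same fixed Random as the report's test: nextInt always yields 1, so start + 1 is chosen
        Random fixedRandom = new Random() {
            @Override
            public int nextInt(int n) { return 1; }
        };
        int start = 65535;
        int end = 0x110000;  // Character.MAX_CODE_POINT + 1 (constructed upper bound)

        int badCp = pickNarrowingCast(start, end, fixedRandom).codePointAt(0);
        System.out.println("narrowing cast: U+" + Integer.toHexString(badCp)
                + " in range? " + (badCp >= start && badCp < end));

        int goodCp = pickCodePoint(start, end, fixedRandom).codePointAt(0);
        System.out.println("code point:     U+" + Integer.toHexString(goodCp)
                + " in range? " + (goodCp >= start && goodCp < end));
    }
}
```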