[LANG-1723] Throw NumberFormatException instead of IndexOutOfBoundsException in NumberUtils.getMantissa(String, int) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.15.0
Component/s: None
Labels:
None

External issue URL:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64862
External issue ID:
64862

Description

There is a missing check in the NumberUtils.getMantissa(String, Integer) method where a possible IndexOutOfBoundsException could be thrown when invalid str and stopPos are given.

private static String getMantissa(final String str, final int stopPos) {        
    final char firstChar = str.charAt(0);
    final boolean hasSign = firstChar == '-' || firstChar == '+';
    return hasSign ? str.substring(1, stopPos) : str.substring(0, stopPos); }

When getMantissa("-", 0); is called, the substring method throws IndexOutOfBoundsException. This could happen when calling the public NumberUtils.createNumber("-");.

A checking can be added to the method and throw NumberFormatException when the number is invalid.

Attachments

Issue Links

links to

GitHub Pull Request #1145

Activity

People

Assignee:: Unassigned

Reporter:: Sheung Chi Chan

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Dec/23 14:50

Updated:: 09/Dec/23 14:33

Resolved:: 09/Dec/23 14:33