Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
2.6, 3.1
-
None
-
None
Description
An infinite loop can result if the selection process never returns a char that passes the validation test.
This can occur if the subset specified by the start and end characters does not contain any valid characters.
For example:
RandomStringUtils.random(3, 5, 10, true, true); // 1 RandomStringUtils.random(3, 56192, 56319, false, false); // 2
There's also the case where only surrogates are allowed, but the buffer is not an even number of characters, for example:
RandomStringUtils.random(3, 56320, 57343, false, false); // 3
The second example is easy to detect, but in general it does not seem easy to determine in advance if the subset contains any valid characters - except by evaluating all the possible char values. This would be expensive if the subset range is large.
One possibility is to count the total number of loops (or retries), and throw an error if it exceeds a given value. Or count the number of consecutive retries.
In both cases the threshold value must be set high enough to allow for the cases where the allowable char range contains only a small proportion of valid characters.
In the case of digits only, the default allowable range is currently set to digits + letters, so the proportion of valid chars is 10/90 i.e. approx 11%.
A minimum proportion of 1% or 0.1% would be necessary to reduce the number of false positives.
Attachments
Attachments
Issue Links
- relates to
-
LANG-1284 RandomStringUtils' random method goes into an infinite loop
- Closed
- links to