[jira] [Commented] (SLING-13065) SlingUriBuilder parse results in java.lang.StringIndexOutOfBoundsException

Wed, 21 Jan 2026 02:23:16 -0800 


    [ 
https://issues.apache.org/jira/browse/SLING-13065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18053270#comment-18053270
 ] 

Robin Brouns commented on SLING-13065:
--------------------------------------

A possible solution would be to stop further processing if there is no _dot_ 
character within the path: 
[https://github.com/apache/sling-org-apache-sling-api/pull/74/files#diff-171a3a6d7fc55001f86f2c9d83fa7d9e0e7901834a7f9f6ea028bee2d65c36b2R448]

Because the method _setPathWithDefinedResourcePosition_ intends to get a 
_firstDotPositionAfterResourcePath_ as an index. The other way would be to make 
_setPathWithDefinedResourcePosition_ more robust.

> SlingUriBuilder parse results in java.lang.StringIndexOutOfBoundsException
> --------------------------------------------------------------------------
>
>                 Key: SLING-13065
>                 URL: https://issues.apache.org/jira/browse/SLING-13065
>             Project: Sling
>          Issue Type: Bug
>          Components: API
>    Affects Versions: API 3.0.4
>            Reporter: Robin Brouns
>            Priority: Major
>
>  
> When making use of SlingUriBuilder to parse or create an new instance from a 
> valid URI like:
> {code:java}
> SlingUriBuilder.parse("https://sling.apache.org/apidocs/sling12/";, resolver)
>         .build() {code}
> {code:java}
> URI input = new URI("https://sling.apache.org/apidocs/sling12/";);
> SlingUri testUri = SlingUriBuilder.createFrom(input, resolver)
>         .build(); {code}
> the SlingUriBuilder tries to _rebase_ the resource path. But the check for 
> adjusting the resource path, is not safe.
>  
> Calling it with above inputs leads to: 
> _java.lang.StringIndexOutOfBoundsException_
> {code:java}
> java.lang.StringIndexOutOfBoundsException: begin 17, end 16, length 17
>     at java.base/java.lang.String.checkBoundsBeginEnd(String.java:4608)
>     at java.base/java.lang.String.substring(String.java:2711)
>     at 
> org.apache.sling.api.uri.SlingUriBuilder.setPathWithDefinedResourcePosition(SlingUriBuilder.java:997)
>     at 
> org.apache.sling.api.uri.SlingUriBuilder.rebaseResourcePath(SlingUriBuilder.java:451)
>     at 
> org.apache.sling.api.uri.SlingUriBuilder.setPath(SlingUriBuilder.java:394) 
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to