Ekaterina Zilotina created ARTEMIS-4926:
-------------------------------------------
Summary: IllegalArgumentException in UriSupport.parseParameters
Key: ARTEMIS-4926
URL: https://issues.apache.org/jira/browse/ARTEMIS-4926
Project: ActiveMQ Artemis
Issue Type: Bug
Reporter: Ekaterina Zilotina
Attachments: UriSupportFuzzer.java.txt,
UriSupportcrash-00152a429040cf0bb95bdce6422303498a30631a,
UriSupportcrash-084e9380bd54a4f1eba0131ca1d67f2720c76025,
UriSupportcrash-90b1ee0ba36f0cae32ac20469ce0d3ddcfa8e5fa,
UriSupportcrash-a520043b41390db8ef10a6675f43ecf6faa7e859,
UriSupportcrash-b46a887ae8b7dea48921f85c09f35694d9f502b9, fuzz_state.txt
Function *URLDecoder.decode()* uses in lines
[147|https://github.com/apache/activemq-artemis/blob/b4d3a776499cb3ef9a350107faa998c81b20c3e6/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/URISupport.java#L147]
and
[148|https://github.com/apache/activemq-artemis/blob/b4d3a776499cb3ef9a350107faa998c81b20c3e6/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/uri/URISupport.java#L148]
(URISupport.java) and can produce {*}IllegalArgumentException{*}, which won't
be catched when function *UriSupport.parseParameters()* works.
This error was found with pure *UriSupport.parseParameters(URI uri)* fuzz
testing and may be it does not pose a risk to artemis, but this is important to
me, because in this code area there isn't any handling of it.
crash samples, fuzz test and part of jazzer log are below
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
