Sheung Chi Chan created CODEC-313:
-------------------------------------
Summary: QuotedPrintableCodec.encodeQuotedPrintable throws ArrayIndexOutOfBoundsException
Key: CODEC-313
URL: https://issues.apache.org/jira/browse/CODEC-313
Project: Commons Codec
Issue Type: Bug
Reporter: Sheung Chi Chan
The {{encodeQuotedPrintable()}} method takes in a random byte array and
processes it. If the provided {{strict}} boolean is true, it will go into the
first branch. There is a for loop to loop through the byte array from the index
0 to the index byte.length - 3. The index is then used directly in the
{{getUnsignedOctet}} method. If the length of the byte array is less than 3, it
will result in a negative index and cause ArrayIndexOutOfBoundsException in the
{{getUnsignedOctet()}} method call.
A possible fix could add a conditional check to ensure the index is never
negative. It will simply return null if the byte array is too short (with a
length less than 3) if {{strict}} value is true.
We found this bug using fuzzing by way of OSS-Fuzz. It is reported at
[https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64358].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
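The failure mode described in the report, as an added illustration that is not Commons Codec source and not part of the issue: a trimmed model of the strict-mode path, where the last three octets are handled by a loop whose start index is computed as bytes.length - 3 with no lower bound, placed beside a variant that clamps that start at 0. The helper names (getUnsignedOctet, encodeByte, isPrintable), the simplified printable set and the Math.max clamp are assumptions made for the model; the reporter's own suggestion is a length check that returns null, and the project's eventual fix may differ from both.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;

/**
 * Model of the CODEC-313 loop shape (added example, not Commons Codec code).
 * The tail loop starts at bytes.length - 3; for inputs shorter than 3 bytes
 * that start is negative and the very first array access throws.
 */
public class Codec313Model {

    private static final byte ESCAPE = '=';
    private static final char[] HEX = "0123456789ABCDEF".toCharArray();

    // Unsigned view of bytes[index]. A negative index reaches the array
    // directly and throws ArrayIndexOutOfBoundsException.
    static int getUnsignedOctet(int index, byte[] bytes) {
        int b = bytes[index];
        if (b < 0) {
            b = 256 + b;
        }
        return b;
    }

    // Assumption for the model: printable ASCII except '=' plus space/tab
    // passes through unchanged; everything else is written as =XX.
    static boolean isPrintable(int b) {
        return (b >= 0x21 && b <= 0x7E && b != ESCAPE) || b == ' ' || b == '\t';
    }

    static void encodeByte(int b, boolean encode, ByteArrayOutputStream out) {
        if (encode) {
            out.write(ESCAPE);
            out.write(HEX[b >> 4]);
            out.write(HEX[b & 0x0F]);
        } else {
            out.write(b);
        }
    }

    /**
     * guardTail == false reproduces the unbounded start index from the report;
     * guardTail == true applies a clamp so no index can be negative.
     */
    static byte[] encodeStrict(byte[] bytes, boolean guardTail) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int tailStart = bytes.length - 3;            // negative when bytes.length < 3
        if (guardTail) {
            tailStart = Math.max(0, tailStart);      // the missing lower bound (assumed fix)
        }
        for (int i = 0; i < tailStart; i++) {
            int b = getUnsignedOctet(i, bytes);
            encodeByte(b, !isPrintable(b), out);
        }
        // Last three octets: trailing whitespace is always encoded so it
        // survives transport, which is why this range gets its own loop.
        for (int i = tailStart; i < bytes.length; i++) {
            int b = getUnsignedOctet(i, bytes);      // i < 0 here is the reported crash
            boolean trailingWhitespace = (b == ' ' || b == '\t') && i == bytes.length - 1;
            encodeByte(b, !isPrintable(b) || trailingWhitespace, out);
        }
        return out.toByteArray();
    }

    // Constructed inputs: lengths 0, 1 and 2 hit the negative start index,
    // lengths 3 and 4 do not.
    public static void main(String[] args) {
        byte[][] inputs = { {}, {'a'}, {'a', ' '}, {'a', 'b', 'c'}, {(byte) 0xE9, 'x', '=', '\t'} };
        for (byte[] in : inputs) {
            System.out.print("len " + in.length + ": unguarded -> ");
            try {
                System.out.print(new String(encodeStrict(in, false), StandardCharsets.US_ASCII));
            } catch (ArrayIndexOutOfBoundsException e) {
                System.out.print("ArrayIndexOutOfBoundsException: " + e.getMessage());
            }
            System.out.println("; guarded -> "
                    + new String(encodeStrict(in, true), StandardCharsets.US_ASCII));
        }
    }
}
```

Compile and run with plain javac/java; no dependency on commons-codec is needed because the library's loop is only modelled here. The unguarded variant throws for the empty, one-byte and two-byte inputs and succeeds from three bytes on; the guarded variant encodes all five. Running the same inputs through the real QuotedPrintableCodec in strict mode is the check to perform against an affected build, and the short inputs that a fuzzer lands on first are exactly the ones a hand-written test set tends to omit.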