[
https://issues.apache.org/jira/browse/CODEC-315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary D. Gregory resolved CODEC-315.
-----------------------------------
Fix Version/s: 1.16.1
Resolution: Fixed
PR merged.
> PhoneticEngine.encode throws StringArrayIndexOutOfBoundException and
> ArrayIndexOutOfBoundException
> --------------------------------------------------------------------------------------------------
>
> Key: CODEC-315
> URL: https://issues.apache.org/jira/browse/CODEC-315
> Project: Commons Codec
> Issue Type: Bug
> Reporter: Sheung Chi Chan
> Priority: Minor
> Labels: ArrayIndexOutOfBoundsException, StringIndexOutOfBound
> Fix For: 1.16.1
>
>
> The encode() method takes in a random String and processes it. In some of the
> cases, it could result in an ArrayIndexOutOfBoundException or
> StringIndexOutOfBoundException.
> If the preset NameType is SEPHARDIC. It will run the case branch in
> [Line#410|https://github.com/apache/commons-codec/blob/master/src/main/java/org/apache/commons/codec/language/bm/PhoneticEngine.java#L410].
> If the provided string only contains the "'" character, the split method
> call shown below will return an empty array because String.split("'") is
> equal to String.split("'", 0) and all trailing empty string in the result
> will be removed according to the [JDK
> documentation|https://docs.oracle.com/javase/8/docs/api/java/lang/String.html#split-java.lang.String-int-].
> This empty array makes the next line throw an ArrayIndexOutOfBondException.
> final String[] parts = aWord.split("'");
> words2.add(parts[parts.length - 1]);
> A possible fix could add a -1 parameter should be added to the split method
> to ensure the return size of the split result is never 0.
> In later
> [Line#415|https://github.com/apache/commons-codec/blob/master/src/main/java/org/apache/commons/codec/language/bm/PhoneticEngine.java#L415]
> and
> [Line#419|https://github.com/apache/commons-codec/blob/master/src/main/java/org/apache/commons/codec/language/bm/PhoneticEngine.java#L419],
> the logic removes all words equal to the name prefix of the chosen NameType.
> If words2 only contains a prefix, the removeAll method call could make words2
> empty. This makes
> [Line#437|https://github.com/apache/commons-codec/blob/master/src/main/java/org/apache/commons/codec/language/bm/PhoneticEngine.java#L437]
> never run and keeps the StringBuilder object result empty. If the result is
> empty, the substring method throws and StringIndexOutOfBoundException.
> final StringBuilder result = new StringBuilder();
> words2.forEach(word > result.append("").append(encode(word)));
> // return the result without the leading "-"
> return result.substring(1);
> A possible fix could add a check to ensure word2 is not empty before
> processing it and doing the substring.
>
> We found this bug using fuzzing by way of OSS-Fuzz. It is reported at
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64376 and
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64395.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
