[ https://issues.apache.org/jira/browse/CODEC-313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory resolved CODEC-313.
-----------------------------------
Fix Version/s: 1.16.1
Resolution: Fixed
PR merged.
> QuotedPrintableCodec.encodeQuotedPrintable throws
> ArrayIndexOutOfBoundException
> -------------------------------------------------------------------------------
>
> Key: CODEC-313
> URL: https://issues.apache.org/jira/browse/CODEC-313
> Project: Commons Codec
> Issue Type: Bug
> Reporter: Sheung Chi Chan
> Priority: Minor
> Labels: ArrayIndexOutOfBoundsException
> Fix For: 1.16.1
>
>
> The {{encodeQuotedPrintable()}} method takes in a random byte array and
> processes it. If the provided {{strict}} boolean is true, it will go into the
> first branch. There is a for loop to loop through the byte array from the
> index 0 to the index byte.length - 3. The index is then used directly in
> the {{getUnsignedOctet}} method. If the length of the byte array is less than 3,
> it will result in a negative index and cause an ArrayIndexOutOfBoundsException
> in the {{getUnsignedOctet()}} method call.
> A possible fix could add a conditional check to ensure the index is never
> negative. It will simply return null if the byte array is too short (with a
> length less than 3) if the {{strict}} value is true.
> We found this bug using fuzzing by way of OSS-Fuzz. It is reported at
> [https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64358].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
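
A regression check for the condition described in this report, added here as an example and not taken from the Commons Codec code base or its test suite. It assumes commons-codec is on the classpath; the class name, sample bytes and printable set are constructed for illustration, and the return value is deliberately not checked because the report only proposes returning null for short strict input.

```java
import java.util.ArrayList;
import java.util.BitSet;
import java.util.List;
import org.apache.commons.codec.net.QuotedPrintableCodec;

// Added regression check for CODEC-313; not Commons Codec's own test code.
public class Codec313ShortInputCheck {
    // Constructed sample octets: printable, space, tab, '=', CR, and a high byte.
    static final byte[] SAMPLES = {'a', ' ', '\t', '=', '\r', (byte) 0xFF};

    // Assumption: a printable set of '!'..'~' minus '=', plus space and tab.
    static BitSet printableSet() {
        BitSet set = new BitSet(256);
        set.set(33, 61);   // '!' .. '<' (end index is exclusive)
        set.set(62, 127);  // '>' .. '~'
        set.set(' ');
        set.set('\t');
        return set;
    }

    // Encodes every array of length 0, 1 and 2 built from SAMPLES and
    // returns a description of each input that made the encoder throw.
    static List<String> findFailures(boolean strict) {
        List<String> failures = new ArrayList<>();
        BitSet printable = printableSet();
        for (int len = 0, total = 1; len < 3; len++, total *= SAMPLES.length) {
            for (int n = 0; n < total; n++) {
                byte[] input = new byte[len];
                for (int i = 0, rest = n; i < len; i++, rest /= SAMPLES.length) {
                    input[i] = SAMPLES[rest % SAMPLES.length];
                }
                try {
                    QuotedPrintableCodec.encodeQuotedPrintable(printable, input, strict);
                } catch (RuntimeException e) {
                    failures.add("strict=" + strict + " length=" + len + " -> " + e);
                }
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        List<String> failures = new ArrayList<>(findFailures(true));
        failures.addAll(findFailures(false));
        failures.forEach(System.out::println);
        System.out.println(failures.isEmpty() ? "no exception on short inputs" : failures.size() + " failing inputs");
        if (!failures.isEmpty()) System.exit(1);
    }
}
```

The non-strict pass is included as a control, so a failure list containing only `strict=true` entries points at the strict branch the report describes.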