[
https://issues.apache.org/jira/browse/IO-891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary D. Gregory resolved IO-891.
--------------------------------
Fix Version/s: 2.23.0
Resolution: Fixed
> BoundedReader.skip(long) updates character count incorrectly and can bypass
> configured bounds
> ---------------------------------------------------------------------------------------------
>
> Key: IO-891
> URL: https://issues.apache.org/jira/browse/IO-891
> Project: Commons IO
> Issue Type: Bug
> Reporter: Sarankumar Baskar
> Priority: Major
> Fix For: 2.23.0
>
>
> BoundedReader.skip(long) currently updates its internal charsRead counter
> using the requested skip amount instead of the actual number of characters
> skipped:
> charsRead += n;
> return super.skip(n);
> This has a few problems:
> 1. Reader.skip(long) is not guaranteed to skip the requested number of
> characters. It returns the actual number skipped, which may be smaller than
> n. BoundedReader should update charsRead using that returned value.
> 2. skip(long) does not cap the requested skip amount to the remaining
> maxCharsFromTargetReader limit. This means skip() can move the underlying
> reader beyond the configured bound, while read() correctly enforces the bound.
> 3. charsRead is an int, while n is a long. The compound assignment charsRead
> += n performs an implicit narrowing conversion, which can silently
> overflow/truncate for large skip values.
> Expected behavior:
> - skip(long) should not skip more characters than the remaining BoundedReader
> limit.
> - skip(long) should update charsRead using the actual skipped count returned
> by the underlying reader.
> - large skip values such as Long.MAX_VALUE should not overflow the internal
> charsRead counter.
> - skip(long) should respect the same maxCharsFromTargetReader and
> mark/readAheadLimit constraints as read().
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
