[
https://issues.apache.org/jira/browse/SUREFIRE-1522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16481620#comment-16481620
]
ASF GitHub Bot commented on SUREFIRE-1522:
------------------------------------------
asfgit closed pull request #185: [SUREFIRE-1522] fix escapeBytesToPrintable
bounds check
URL: https://github.com/apache/maven-surefire/pull/185
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/surefire-api/src/main/java/org/apache/maven/surefire/util/internal/StringUtils.java
b/surefire-api/src/main/java/org/apache/maven/surefire/util/internal/StringUtils.java
index b0665bd1e..2a0783ea8 100644
---
a/surefire-api/src/main/java/org/apache/maven/surefire/util/internal/StringUtils.java
+++
b/surefire-api/src/main/java/org/apache/maven/surefire/util/internal/StringUtils.java
@@ -233,7 +233,7 @@ else if ( ch >= 'A' )
* @return number of bytes written to {@code out}
* @throws NullPointerException if the specified parameter {@code header}
or {@code input} is null
* @throws IndexOutOfBoundsException if {@code off} or {@code len} is out
of range
- * ({@code off < 0 || len < 0 || off >= input.length || len >
input.length || off > len})
+ * ({@code off < 0 || len < 0 || off >= input.length || len >
input.length || off + len > input.length})
*/
@SuppressWarnings( "checkstyle:magicnumber" )
public static EncodedArray escapeBytesToPrintable( final byte[] header,
final byte[] input, final int off,
@@ -243,10 +243,10 @@ public static EncodedArray escapeBytesToPrintable( final
byte[] header, final by
{
return EncodedArray.EMPTY;
}
- if ( off < 0 || len < 0 || off >= input.length || len > input.length
|| off > len )
+ if ( off < 0 || len < 0 || off >= input.length || len > input.length
|| off + len > input.length )
{
throw new IndexOutOfBoundsException(
- "off < 0 || len < 0 || off >= input.length || len >
input.length || off > len" );
+ "off < 0 || len < 0 || off >= input.length || len >
input.length || off + len > input.length" );
}
// Hex-escaping can be up to 3 times length of a regular byte. Last
character is '\n', see (+1).
final byte[] encodeBytes = new byte[header.length + 3 * len + 1];
diff --git
a/surefire-api/src/test/java/org/apache/maven/surefire/util/internal/StringUtilsTest.java
b/surefire-api/src/test/java/org/apache/maven/surefire/util/internal/StringUtilsTest.java
index 96e5ed31a..e686086e9 100644
---
a/surefire-api/src/test/java/org/apache/maven/surefire/util/internal/StringUtilsTest.java
+++
b/surefire-api/src/test/java/org/apache/maven/surefire/util/internal/StringUtilsTest.java
@@ -119,4 +119,24 @@ public void testEmptyByteArray()
assertEquals( 0, encodedArray.getSize() );
assertEquals( 0, encodedArray.getArray().length );
}
+
+ public void testSubstringSmall()
+ {
+ byte[] header = { (byte) 'a' };
+ byte[] input = "PleaseLookAfterThisBear".getBytes();
+ EncodedArray encodedArray = StringUtils.escapeBytesToPrintable(
header, input,
+ "Please".length(), "Look".length() );
+ assertEquals( "Look",
+ new String( encodedArray.getArray(), 1,
encodedArray.getArray().length-1).trim() );
+ }
+
+ public void testSubstringLarge()
+ {
+ byte[] header = { (byte) 'a' };
+ byte[] input = "TheQuickBrownFoxJumpsOverTheLazyDog".getBytes();
+ EncodedArray encodedArray = StringUtils.escapeBytesToPrintable(
header, input,
+ "The".length(), "QuickBrownFoxJumpsOverTheLazy".length() );
+ assertEquals( "QuickBrownFoxJumpsOverTheLazy",
+ new String( encodedArray.getArray(), 1,
encodedArray.getArray().length-1).trim() );
+ }
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> IndexOutOfBoundsException for System.out.write
> ----------------------------------------------
>
> Key: SUREFIRE-1522
> URL: https://issues.apache.org/jira/browse/SUREFIRE-1522
> Project: Maven Surefire
> Issue Type: Bug
> Components: Maven Failsafe Plugin, Maven Surefire Plugin, process
> forking
> Affects Versions: 2.21.0
> Reporter: Rob Platt
> Assignee: Tibor Digana
> Priority: Major
> Fix For: 2.22.0
>
>
> There is a regression, I believe caused by -SUREFIRE-1454-. Git blame seems
> to confirm this; and there was a related regression for empty arrays
> SUREFIRE-1515.
> It can be easily reproduced with the following test:
>
> {code:java}
> import org.junit.jupiter.api.Test;
> import java.nio.charset.StandardCharsets;
> public class SurefireLoggingTest {
> private final byte[] aNiceString = "what fun times, standard out is
> broken\n".getBytes(StandardCharsets.US_ASCII);
> @Test
> public void fun() {
> System.out.write(aNiceString, 5, 3);
> }
> @Test
> public void fun_times() {
> System.out.write(aNiceString, 5, 9);
> }
> }
> {code}
>
> Both tests will pass under Intellij, writing "fun" and "fun times" to
> System.out. Whereas, with Surefire capturing standard out when running from
> maven, only fun_times() passes. fun() will fail with:
>
> {noformat}
> java.lang.IndexOutOfBoundsException: off < 0 || len < 0 || off >=
> input.length || len > input.length || off > len{noformat}
>
> If you look at the Javadoc contract for PrintStream.write(byte buf[], int
> off, int len), you can see that len is "Number of bytes to write", so you can
> see that it should be fine to print the substring "fun", of length 3, at
> offset 5. And indeed that is what happens in Intellij.
>
> I suspect that the failing test isolates the problem to when the offset
> "exceeds" the length of the substring. The wrong length is being checked in
> StringUtils.escapeBytesToPrintable(). I think that the check intended to
> ensure the offset didn't exceed the end of the byte array, not the length of
> the slice. But that is already covered by "off >= input.length". So there is
> no benefit to also checking "off > len".
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
