Duncan Jones created LANG-1286:
----------------------------------

Summary: RandomStringUtils random method can overflow and return characters outside of specified range
Key: LANG-1286
URL: https://issues.apache.org/jira/browse/LANG-1286
Project: Commons Lang
Issue Type: Bug
Components: lang.*
Affects Versions: 3.5
Reporter: Duncan Jones

{{RandomStringUtils.random()}} can overflow and return characters that are outside the range specified by the {{start}} and {{end}} parameters. This is because it casts a random integer in the range {{[start,end)}} to a character, without checking if this will overflow.

Example failing test case:

{code}
@Test
public void testCharOverflow() throws Exception {
    int start = 65535;
    int end = Integer.MAX_VALUE;

    @SuppressWarnings("serial")
    Random fixedRandom = new Random() {
        @Override
        public int nextInt(int n) {
            // Prevents selection of 'start' as the character
            return 1;
        }
    };

    String result = RandomStringUtils.random(1, start, end, false, false, null, fixedRandom);
    char c = result.charAt(0);
    assertTrue(c >= start && c < end);
}
{code}

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
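
The narrowing cast described in the report, shown in isolation as an added Java example; it is not part of the original message and is not Commons Lang code. The class and the methods `uncheckedPick` and `checkedPick` are hypothetical names, and the guard is one possible check, not the project's fix.

```java
import java.util.Random;

public class CharRangeOverflowDemo {

    // Mirrors the pattern the report describes: pick an int in [start, end)
    // and narrow it to char with no range check. (Hypothetical helper.)
    static char uncheckedPick(int start, int end, Random rnd) {
        int gap = end - start;
        return (char) (start + rnd.nextInt(gap));
    }

    // Hypothetical guard: reject any range a 16-bit char cannot represent,
    // so the cast below can never discard high bits.
    static char checkedPick(int start, int end, Random rnd) {
        if (start < 0 || end <= start || end > Character.MAX_VALUE + 1) {
            throw new IllegalArgumentException(
                "range [" + start + ", " + end + ") does not fit in a char");
        }
        return (char) (start + rnd.nextInt(end - start));
    }

    public static void main(String[] args) {
        // Same fixed Random as the report's test case: nextInt always returns 1.
        @SuppressWarnings("serial")
        Random fixedRandom = new Random() {
            @Override
            public int nextInt(int n) {
                return 1;
            }
        };
        int start = 65535;
        int end = Integer.MAX_VALUE;

        // 65535 + 1 = 65536 (0x10000); the narrowing cast keeps only the low 16 bits.
        char c = uncheckedPick(start, end, fixedRandom);
        System.out.println("unchecked code unit: " + (int) c
            + ", inside [start, end): " + (c >= start && c < end));

        try {
            checkedPick(start, end, fixedRandom);
        } catch (IllegalArgumentException e) {
            System.out.println("checked: " + e.getMessage());
        }
    }
}
```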