commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Yandell (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (LANG-806) RandomStringUtils can enter infinite loop if chosen char does not meet letter/digit requirements
Date Wed, 16 Oct 2013 08:53:44 GMT

     [ https://issues.apache.org/jira/browse/LANG-806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Henri Yandell updated LANG-806:
-------------------------------

    Fix Version/s: Review Patch

> RandomStringUtils can enter infinite loop if chosen char does not meet letter/digit requirements
> ------------------------------------------------------------------------------------------------
>
>                 Key: LANG-806
>                 URL: https://issues.apache.org/jira/browse/LANG-806
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 2.6, 3.1
>            Reporter: Sebb
>             Fix For: Review Patch
>
>         Attachments: LANG-806.patch, RandomStringException.java
>
>
> An infinite loop can result if the selection process never returns a char that passes
the validation test.
> This can occur if the subset specified by the start and end characters does not contain
any valid characters.
> For example:
> RandomStringUtils.random(3, 5, 10, true, true); // 1
> RandomStringUtils.random(3, 56192, 56319, false, false); // 2
> There's also the case where only surrogates are allowed, but the buffer is not an even
number of characters, for example:
> RandomStringUtils.random(3, 56320, 57343, false, false); // 3
> The second example is easy to detect, but in general it does not seem easy to determine
in advance if the subset contains any valid characters - except by evaluating all the possible
char values. This would be expensive if the subset range is large.
> One possibility is to count the total number of loops (or retries), and throw an error
if it exceeds a given value. Or count the number of consecutive retries.
> In both cases the threshold value must be set high enough to allow for the cases where
the allowable char range contains only a small proportion of valid characters. 
> In the case of digits only, the default allowable range is currently set to digits +
letters, so the proportion of valid chars is 10/90 i.e. approx 11%.
> A minimum proportion of 1% or 0.1% would be necessary to reduce the number of false positives.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message