commons-issues mailing list archives

From "Duncan Jones (JIRA)" <j...@apache.org>
Subject [jira] [Created] (LANG-1286) RandomStringUtils random method can overflow and return characters outside of specified range
Date Thu, 17 Nov 2016 21:01:02 GMT
Duncan Jones created LANG-1286:
----------------------------------

             Summary: RandomStringUtils random method can overflow and return characters outside of specified range
                 Key: LANG-1286
                 URL: https://issues.apache.org/jira/browse/LANG-1286
             Project: Commons Lang
          Issue Type: Bug
          Components: lang.*
    Affects Versions: 3.5
            Reporter: Duncan Jones


{{RandomStringUtils.random()}} can overflow and return characters that are outside the range
specified by the {{start}} and {{end}} parameters. This is because it casts a random integer
in the range {{[start,end)}} to a character, without checking if this will overflow.

Example failing test case:

{code}
@Test
public void testCharOverflow() throws Exception {
    int start = 65535;
    int end = Integer.MAX_VALUE;
    
    @SuppressWarnings("serial")
    Random fixedRandom = new Random() {
        @Override
        public int nextInt(int n) {
            // Prevents selection of 'start' as the character
            return 1;
        }
    };
    
    String result = RandomStringUtils.random(1, start, end, false, false, null, fixedRandom);
    char c = result.charAt(0);
    assertTrue(c >= start && c < end);
}
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
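
The truncation this report describes, as an added Java example that is not part of the original message and is not Commons Lang code. `uncheckedPick` and `checkedPick` are hypothetical names, and the code-point guard in `checkedPick` is an assumed mitigation, not the project's fix.

```java
import java.util.Random;

// Added illustration; class and method names are hypothetical, not Commons Lang code.
public class CharRangeOverflowDemo {

    // Mirrors the pattern the report describes: pick an int in [start, end)
    // and narrow it to char with no range check.
    static char uncheckedPick(int start, int end, Random random) {
        int gap = end - start;
        return (char) (start + random.nextInt(gap)); // keeps only the low 16 bits
    }

    // One possible guard (an assumption, not the project's fix): validate the
    // range against valid Unicode code points and never narrow to char.
    static String checkedPick(int start, int end, Random random) {
        if (start < 0 || end <= start || end > Character.MAX_CODE_POINT + 1) {
            throw new IllegalArgumentException(
                "range [" + start + ", " + end + ") is not within valid code points");
        }
        int codePoint = start + random.nextInt(end - start);
        // Supplementary code points become a surrogate pair instead of wrapping.
        return new String(Character.toChars(codePoint));
    }

    public static void main(String[] args) {
        // Same fixed source as the report's test: nextInt always returns 1.
        @SuppressWarnings("serial")
        Random fixedRandom = new Random() {
            @Override
            public int nextInt(int n) {
                return 1;
            }
        };
        int start = 65535;
        // start + 1 no longer fits in 16 bits, so the narrowing cast wraps.
        char c = uncheckedPick(start, Integer.MAX_VALUE, fixedRandom);
        System.out.printf("unchecked: U+%04X, in range: %b%n", (int) c, c >= start);

        String s = checkedPick(start, Character.MAX_CODE_POINT + 1, fixedRandom);
        System.out.printf("checked:   U+%X%n", s.codePointAt(0));
        try {
            checkedPick(start, Integer.MAX_VALUE, fixedRandom);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected:  " + e.getMessage());
        }
    }
}
```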
