StringUtilsTest.java

sebb Sun, 26 Mar 2017 14:43:56 -0700

Author: sebb
Date: Sun Mar 26 21:43:36 2017
New Revision: 1788777

URL: http://svn.apache.org/viewvc?rev=1788777&view=rev
Log:
CODEC-231 StringUtils.equals(CharSequence cs1, CharSequence cs2) can fail with 
String Index OBE


Modified:
    commons/proper/codec/trunk/src/changes/changes.xml
    
commons/proper/codec/trunk/src/main/java/org/apache/commons/codec/binary/StringUtils.java
    
commons/proper/codec/trunk/src/test/java/org/apache/commons/codec/binary/StringUtilsTest.java

Modified: commons/proper/codec/trunk/src/changes/changes.xml
URL: 
http://svn.apache.org/viewvc/commons/proper/codec/trunk/src/changes/changes.xml?rev=1788777&r1=1788776&r2=1788777&view=diff
==============================================================================
--- commons/proper/codec/trunk/src/changes/changes.xml (original)
+++ commons/proper/codec/trunk/src/changes/changes.xml Sun Mar 26 21:43:36 2017
@@ -45,6 +45,7 @@ The <action> type attribute can be add,u
     <release version="1.11" date="2017-MM-DD" description="Feature and fix 
release.">
       <!-- The first attribute below should be the issue id; makes it easier 
to navigate in the IDE outline -->
 
+      <action issue="CODEC-231" dev="sebb" 
type="fix">StringUtils.equals(CharSequence cs1, CharSequence cs2) can fail with 
String Index OBE</action>
       <action issue="CODEC-230" dev="sebb" type="fix">URLCodec.WWW_FORM_URL 
should be private</action>
       <action issue="CODEC-229" dev="sebb" 
type="fix">StringUtils.newStringxxx(null) should return null, not NPE</action>
       <action issue="CODEC-220" dev="sebb" type="add">Fluent interface for 
DigestUtils</action>

Modified: 
commons/proper/codec/trunk/src/main/java/org/apache/commons/codec/binary/StringUtils.java
URL: 
http://svn.apache.org/viewvc/commons/proper/codec/trunk/src/main/java/org/apache/commons/codec/binary/StringUtils.java?rev=1788777&r1=1788776&r2=1788777&view=diff
==============================================================================
--- 
commons/proper/codec/trunk/src/main/java/org/apache/commons/codec/binary/StringUtils.java
 (original)
+++ 
commons/proper/codec/trunk/src/main/java/org/apache/commons/codec/binary/StringUtils.java
 Sun Mar 26 21:43:36 2017
@@ -78,7 +78,7 @@ public class StringUtils {
         if (cs1 instanceof String && cs2 instanceof String) {
             return cs1.equals(cs2);
         }
-        return CharSequenceUtils.regionMatches(cs1, false, 0, cs2, 0, 
Math.max(cs1.length(), cs2.length()));
+        return cs1.length() == cs2.length() && 
CharSequenceUtils.regionMatches(cs1, false, 0, cs2, 0, cs1.length());
     }
 
     /**

Modified: 
commons/proper/codec/trunk/src/test/java/org/apache/commons/codec/binary/StringUtilsTest.java
URL: 
http://svn.apache.org/viewvc/commons/proper/codec/trunk/src/test/java/org/apache/commons/codec/binary/StringUtilsTest.java?rev=1788777&r1=1788776&r2=1788777&view=diff
==============================================================================
--- 
commons/proper/codec/trunk/src/test/java/org/apache/commons/codec/binary/StringUtilsTest.java
 (original)
+++ 
commons/proper/codec/trunk/src/test/java/org/apache/commons/codec/binary/StringUtilsTest.java
 Sun Mar 26 21:43:36 2017
@@ -208,4 +208,33 @@ public class StringUtilsTest {
         final String actual = StringUtils.newStringUtf8(BYTES_FIXTURE);
         Assert.assertEquals(expected, actual);
     }
+
+    @Test
+    public void testEqualsString() {
+        Assert.assertTrue(StringUtils.equals(null, null));
+        Assert.assertFalse(StringUtils.equals("abc", null));
+        Assert.assertFalse(StringUtils.equals(null, "abc"));
+        Assert.assertTrue(StringUtils.equals("abc", "abc"));
+        Assert.assertFalse(StringUtils.equals("abc", "abcd"));
+        Assert.assertFalse(StringUtils.equals("abcd", "abc"));
+        Assert.assertFalse(StringUtils.equals("abc", "ABC"));
+    }
+
+    @Test
+    public void testEqualsCS1() {
+        Assert.assertFalse(StringUtils.equals(new StringBuilder("abc"), null));
+        Assert.assertFalse(StringUtils.equals(null, new StringBuilder("abc")));
+        Assert.assertTrue(StringUtils.equals(new StringBuilder("abc"), new 
StringBuilder("abc")));
+        Assert.assertFalse(StringUtils.equals(new StringBuilder("abc"), new 
StringBuilder("abcd")));
+        Assert.assertFalse(StringUtils.equals(new StringBuilder("abcd"), new 
StringBuilder("abc")));
+        Assert.assertFalse(StringUtils.equals(new StringBuilder("abc"), new 
StringBuilder("ABC")));
+    }
+
+    @Test
+    public void testEqualsCS2() {
+        Assert.assertTrue(StringUtils.equals("abc", new StringBuilder("abc")));
+        Assert.assertFalse(StringUtils.equals(new StringBuilder("abc"), 
"abcd"));
+        Assert.assertFalse(StringUtils.equals("abcd", new 
StringBuilder("abc")));
+        Assert.assertFalse(StringUtils.equals(new StringBuilder("abc"), 
"ABC"));
+    }
 }

svn commit: r1788777 - in /commons/proper/codec/trunk/src: changes/changes.xml main/java/org/apache/commons/codec/binary/StringUtils.java test/java/org/apache/commons/codec/binary/StringUtilsTest.java

Reply via email to