[ https://issues.apache.org/jira/browse/CLI-313?focusedWorklogId=740588&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-740588 ]
ASF GitHub Bot logged work on CLI-313:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 13/Mar/22 22:25
            Start Date: 13/Mar/22 22:25
    Worklog Time Spent: 10m
      Work Description: garydgregory commented on a change in pull request #95:
URL: https://github.com/apache/commons-cli/pull/95#discussion_r825512651

##########
File path: src/main/java/org/apache/commons/cli/DefaultParser.java
##########
@@ -580,7 +580,7 @@ private boolean isArgument(final String token) { * Tests if the specified token is a Java-like property (-Dkey=value). */ private boolean isJavaProperty(final String token) { - final String opt = token.substring(0, 1); + final String opt = token.length() > 0? token.substring(0, 1): null;

Review comment:
Ping?

Issue Time Tracking
-------------------

    Worklog Id:     (was: 740588)
    Time Spent: 0.5h  (was: 20m)

> StringIndexOutOfBoundsException thrown by CommandLineParser.parse() on invalid input
> ------------------------------------------------------------------------------------
>
>                 Key: CLI-313
>                 URL: https://issues.apache.org/jira/browse/CLI-313
>             Project: Commons CLI
>          Issue Type: Bug
>          Components: Parser
>    Affects Versions: 1.5
>            Reporter: Dominik Stadler
>            Priority: Critical
>              Labels: exception, fuzzer
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> I discovered a case which can trigger a StringIndexOutOfBoundsException in
> {{{}CommandLineParser.parse(){}}}.
> The following code-snippet reproduces it:
> {noformat}
> CommandLineParser parser = new DefaultParser();
> Options options = new Options();
> parser.parse(options, new String[] {"-=-"});
> {noformat}
>
> When run against current commons-cli 1.5.0 as well as on latest git, it
> causes the following stacktrace:
> {noformat}
> Exception in thread "main" java.lang.StringIndexOutOfBoundsException: begin 0, end 1, length 0
>   at java.base/java.lang.String.checkBoundsBeginEnd(String.java:3319)
>   at java.base/java.lang.String.substring(String.java:1874)
>   at org.apache.commons.cli.DefaultParser.isJavaProperty(DefaultParser.java:583)
>   at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:511)
>   at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:542)
>   at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:712)
>   at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:679)
>   at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:660)
>   at org.dstadler.cli.fuzz.Crash_4543e54e8e6239dec6cc2eea74b83d5de693ec71.main(Crash_4543e54e8e6239dec6cc2eea74b83d5de693ec71.java:13)
> {noformat}
>
> According to the JavaDoc, all failures to parse the arguments should lead to
> a {{{}ParseException{}}}, but it seems this case is not handled currently.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
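
Review bot: In isJavaProperty, the new ternary on the `final String opt = ...` line assigns null to opt when the token is empty, and the statements that consume opt are outside this hunk, so it is not visible here whether they tolerate a null key. An explicit early exit before the substring call, `if (token.isEmpty()) { return false; }`, would state the empty-token case directly and keep opt non-null for the rest of the method. If the ternary stays, space the operators as `token.length() > 0 ? token.substring(0, 1) : null`. A regression test that passes the `-=-` argument from CLI-313 to parse() would confirm that the StringIndexOutOfBoundsException no longer escapes for that input.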