[ https://issues.apache.org/jira/browse/CLI-313?focusedWorklogId=767492&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-767492 ]
ASF GitHub Bot logged work on CLI-313:
--------------------------------------

Author: ASF GitHub Bot
Created on: 07/May/22 02:18
Start Date: 07/May/22 02:18
Worklog Time Spent: 10m
Work Description: hungklu commented on code in PR #95:
URL: https://github.com/apache/commons-cli/pull/95#discussion_r867289570

########## src/main/java/org/apache/commons/cli/DefaultParser.java: ##########
@@ -580,7 +580,7 @@ private boolean isArgument(final String token) { * Tests if the specified token is a Java-like property (-Dkey=value). */ private boolean isJavaProperty(final String token) { - final String opt = token.substring(0, 1); + final String opt = token.length() > 0? token.substring(0, 1): null;

Review Comment:
I'm starting to resume the work, as I've not been feeling well.

Issue Time Tracking
-------------------

Worklog Id: (was: 767492)
Time Spent: 40m (was: 0.5h)

> StringIndexOutOfBoundsException thrown by CommandLineParser.parse() on invalid input
> ------------------------------------------------------------------------------------
>
> Key: CLI-313
> URL: https://issues.apache.org/jira/browse/CLI-313
> Project: Commons CLI
> Issue Type: Bug
> Components: Parser
> Affects Versions: 1.5
> Reporter: Dominik Stadler
> Priority: Critical
> Labels: exception, fuzzer
> Time Spent: 40m
> Remaining Estimate: 0h
>
> I discovered a case which can trigger a StringIndexOutOfBoundsException in
> {{CommandLineParser.parse()}}.
> The following code-snippet reproduces it:
> {noformat}
> CommandLineParser parser = new DefaultParser();
> Options options = new Options();
> parser.parse(options, new String[] {"-=-"});
> {noformat}
>
> When run against current commons-cli 1.5.0 as well as on latest git, it
> causes the following stacktrace:
> {noformat}
> Exception in thread "main" java.lang.StringIndexOutOfBoundsException: begin 0, end 1, length 0
>     at java.base/java.lang.String.checkBoundsBeginEnd(String.java:3319)
>     at java.base/java.lang.String.substring(String.java:1874)
>     at org.apache.commons.cli.DefaultParser.isJavaProperty(DefaultParser.java:583)
>     at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:511)
>     at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:542)
>     at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:712)
>     at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:679)
>     at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:660)
>     at org.dstadler.cli.fuzz.Crash_4543e54e8e6239dec6cc2eea74b83d5de693ec71.main(Crash_4543e54e8e6239dec6cc2eea74b83d5de693ec71.java:13)
> {noformat}
>
> According to the JavaDoc, all failures to parse the arguments should lead to
> a {{ParseException}}, but it seems this case is not handled currently.

--
This message was sent by Atlassian Jira
(v8.20.7#820007)
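
Review bot: On the changed line in isJavaProperty, opt becomes null for an empty token, and the statements that consume opt are outside this hunk, so the fix is only safe if they tolerate a null key. An explicit early exit before the assignment, for example "if (token.isEmpty()) { return false; }", avoids depending on that and makes the intent clearer than a ternary yielding null. If the ternary stays, put a space before "?" and ":" to match common Java formatting. A regression test that passes the "-=-" input from the report and checks that no StringIndexOutOfBoundsException escapes parse() would lock the behaviour in.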
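
A caller-side guard for the failure described in the report above, as an added example that is not part of the original message or of Commons CLI. parseStrict is a hypothetical helper and the -v option is a constructed sample; the "-=-" input is the reproducer from the report.

```java
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;

public class SafeParseExample {

    // Hypothetical helper: enforce the documented "ParseException only"
    // contract at the call site, so an unchecked exception raised inside the
    // parser cannot escape into code that only catches ParseException.
    static CommandLine parseStrict(CommandLineParser parser, Options options, String[] args)
            throws ParseException {
        try {
            return parser.parse(options, args);
        } catch (RuntimeException e) {
            ParseException wrapped = new ParseException(
                    "Malformed arguments (" + e.getClass().getSimpleName() + ")");
            wrapped.initCause(e); // keep the original stack trace for triage
            throw wrapped;
        }
    }

    public static void main(String[] argv) {
        Options options = new Options();
        options.addOption("v", "verbose", false, "verbose output");

        // Constructed inputs: one valid argument list, then the reproducer.
        String[][] samples = { {"-v"}, {"-=-"} };
        for (String[] args : samples) {
            try {
                CommandLine cmd = parseStrict(new DefaultParser(), options, args);
                System.out.println("parsed, verbose=" + cmd.hasOption("v"));
            } catch (ParseException e) {
                // Single rejection path for every malformed input.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

This is useful where argument strings come from an untrusted source and the application cannot yet move to a release containing the fix.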