Sarankumar Baskar created IO-891:
------------------------------------
Summary: BoundedReader.skip(long) updates character count
incorrectly and can bypass configured bounds
Key: IO-891
URL: https://issues.apache.org/jira/browse/IO-891
Project: Commons IO
Issue Type: Bug
Reporter: Sarankumar Baskar
BoundedReader.skip(long) currently updates its internal charsRead counter using
the requested skip amount instead of the actual number of characters skipped:
charsRead += n;
return super.skip(n);
This has a few problems:
1. Reader.skip(long) is not guaranteed to skip the requested number of
characters. It returns the actual number skipped, which may be smaller than n.
BoundedReader should update charsRead using that returned value.
2. skip(long) does not cap the requested skip amount to the remaining
maxCharsFromTargetReader limit. This means skip() can move the underlying
reader beyond the configured bound, while read() correctly enforces the bound.
3. charsRead is an int, while n is a long. The compound assignment charsRead +=
n performs an implicit narrowing conversion, which can silently
overflow/truncate for large skip values.
Expected behavior:
- skip(long) should not skip more characters than the remaining BoundedReader
limit.
- skip(long) should update charsRead using the actual skipped count returned by
the underlying reader.
- large skip values such as Long.MAX_VALUE should not overflow the internal
charsRead counter.
- skip(long) should respect the same maxCharsFromTargetReader and
mark/readAheadLimit constraints as read().
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
