[jira] [Commented] (LANG-806) RandomStringUtils can enter infinite loop if chosen char does not meet letter/digit requirements

[Henri Yandell (JIRA)]

    [ 
https://issues.apache.org/jira/browse/LANG-806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13439377#comment-13439377
 ] 

Henri Yandell commented on LANG-806:
------------------------------------

Please feel free to take a look :)
                
> RandomStringUtils can enter infinite loop if chosen char does not meet 
> letter/digit requirements
> ------------------------------------------------------------------------------------------------
>
>                 Key: LANG-806
>                 URL: https://issues.apache.org/jira/browse/LANG-806
>             Project: Commons Lang
>          Issue Type: Bug
>    Affects Versions: 2.6, 3.1
>            Reporter: Sebb
>            Assignee: Sebb
>
> An infinite loop can result if the selection process never returns a char 
> that passes the validation test.
> This can occur if the subset specified by the start and end characters does 
> not contain any valid characters.
> For example:
> RandomStringUtils.random(3, 5, 10, true, true); // 1
> RandomStringUtils.random(3, 56192, 56319, false, false); // 2
> There's also the case where only surrogates are allowed, but the buffer is 
> not an even number of characters, for example:
> RandomStringUtils.random(3, 56320, 57343, false, false); // 3
> The second example is easy to detect, but in general it does not seem easy to 
> determine in advance if the subset contains any valid characters - except by 
> evaluating all the possible char values. This would be expensive if the 
> subset range is large.
> One possibility is to count the total number of loops (or retries), and throw 
> an error if it exceeds a given value. Or count the number of consecutive 
> retries.
> In both cases the threshold value must be set high enough to allow for the 
> cases where the allowable char range contains only a small proportion of 
> valid characters. 
> In the case of digits only, the default allowable range is currently set to 
> digits + letters, so the proportion of valid chars is 10/90 i.e. approx 11%.
> A minimum proportion of 1% or 0.1% would be necessary to reduce the number of 
> false positives.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira