elharo opened a new issue, #349:
URL: https://github.com/apache/maven-filtering/issues/349
### Affected version
HEAD
### Bug description
File:
src/main/java/org/apache/maven/shared/filtering/MultiDelimiterInterpolatorFilterReaderLineEnding.java
Lines 223 and 246 — The escape-detection loop (line 223) and
delimiter-detection loop (line 246) are missing ch == -1 EOF checks. The
equivalent single-delimiter class InterpolatorFilterReaderLineEnding correctly
includes these checks (lines 206 and 221).
In the escape loop (line 223):
if (ch != getEscapeString().charAt(i) || ch == '\n' &&
!supportMultiLineFiltering) {
Missing: || ch == -1
In the delimiter loop (line 246):
if (ch != begin.charAt(i) || ch == '\n' && !supportMultiLineFiltering) {
Missing: || ch == -1
When EOF (-1) is encountered during escape string or begin-token matching,
(char) ch casts -1 to 0xFFFF, which is appended to the key StringBuilder as a
garbage character. In the escape loop this is partially mitigated because the
mismatch branch clears the key (key.setLength(0)), but the garbage still
appears in the key transiently and the key.append((char) ch) at line 221 runs
before any check. In the delimiter loop the garbage char is silently consumed.
Impact: When a file ends during a begin-token or escape-string sequence, the
reader can output corrupted data (garbage character inserted) or skip bytes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]