Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8193444

SimpleDateFormat throws ArrayIndexOutOfBoundsException when format contains long sequences of unicode characters

    Details

    • Subcomponent:
    • Resolved In Build:
      b03
    • CPU:
      x86_64
    • OS:
      linux
    • Verification:
      Verified

      Description

      FULL PRODUCT VERSION :
      Java 9: OpenJDK Runtime Environment (build 9.0.1+11)
      Java 10: Java(TM) SE Runtime Environment (build 10-ea+30)

      A DESCRIPTION OF THE PROBLEM :
      SimpleDateFormat#format(Date) throws an OOB exception when formatting dates through a format string that contains a sequence of 256 or more non-ASCII unicode characters.

      This occurs because SimpleDateFormat#compile(String pattern) compiles the input format string using a packed representation with tagged data and 1 or 2 byte length fields. However, in the specific case where there is sequence of non-ASCII unicode characters (i.e. each char value is greater than 128), the compiler only uses short 1 byte length fields. Therefore, if there are over 256 unicode characters in a row, the length field overflows and leads to a corrupted count.

      The corrupted count causes an OOB exception to be thrown when formatting Dates with this compiled pattern. An example input is attached.

      This bug was found using AFL + JQF.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Compile and run the main class "DateFormatterTest" attached below.


      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 38
      at java.base/java.text.SimpleDateFormat.subFormat(SimpleDateFormat.java:1124)
      at java.base/java.text.SimpleDateFormat.format(SimpleDateFormat.java:985)
      at java.base/java.text.SimpleDateFormat.format(SimpleDateFormat.java:955)
      at java.base/java.text.DateFormat.format(DateFormat.java:367)
      at DateFormatterTest.main(DateFormatterTest.java:16)


      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      import java.text.DateFormat;
      import java.text.SimpleDateFormat;
      import java.util.Date;

      public class DateFormatterTest {
          public static void main(String[] args) {
              // Create a string of 256+ non-ascii characters
              char nonAsciiChar = '\u263a'; // ☺
              String format = "";
              for (int i = 0; i < 257; i++) {
                  format += nonAsciiChar;
              }

              // Attempt to format a date
              DateFormat df = new SimpleDateFormat(format);
              df.format(new Date()); // throws ArrayIndexOutOfBoundsException
          }
      }

      ---------- END SOURCE ----------

        Attachments

          Activity

            People

            • Assignee:
              nishjain Nishit Jain
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: