JDK-8222249

No validation of input when using java.sql.Date.valueOf(String s)

    Details

    • Subcomponent:
    • CPU:
      generic
    • OS:
      generic

      Description

      ADDITIONAL SYSTEM INFORMATION :
      OS: Windows 10 Enterprise, Version 1703, Build 15063.1689
      java version "1.8.0_202"
      Java(TM) SE Runtime Environment (build 1.8.0_202-b31)
      Java HotSpot(TM) 64-Bit Server VM (build 25.202-b31, mixed mode)

      A DESCRIPTION OF THE PROBLEM :
      java.sql.Date.valueOf(String dateStr) is not doing proper input validation.
      It does not properly validate the date part in the dateStr.
      For example:
      1. java.sql.Date.valueOf("2019-02-30") gives back "2019-03-02". 30th February is not a valid date for any year. February has either 28 or 29 days. But it accepts the string and does not raise any exception. Instead, it constructs a date 2 days after 28th February.
      2. java.sql.Date.valueOf("2019-04-31") gives back "2019-05-01". 31st April is not a valid date for any year. April has exactly 30 days. But it accepts the string and does not raise any exception. Instead, it constructs a date one day after 30th April.

      The same issue can be observed for other months which have fewer than 31 days.

      So, basically it doesn't check if the date part is valid for that month. It just checks if the date part is less than 32.
      For doing proper validation it should actually check if the date part of the string is valid for the month part.

      Apart from Java 8, I also checked it in the latest Java 12, and the issue persists.
      I don't know how long this issue has existed.
      This should be a generic issue, independent of the host OS.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Use the provided source code.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      java.lang.IllegalArgumentException
      ACTUAL -
      2019-03-02
      2019-05-01

      ---------- BEGIN SOURCE ----------
      import java.sql.Date;

      class DateTest {
          public static void main(String[] args) {
              System.out.println(Date.valueOf("2019-02-30"));
              System.out.println(Date.valueOf("2019-04-31"));
          }
      }
      ---------- END SOURCE ----------

      FREQUENCY : always
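
One way to get the rejection the report expects, shown as an added example that is not part of the original report or the JDK's own code: parse with `java.time` in strict resolver mode, then convert the result to `java.sql.Date`. The class `StrictSqlDate` and the helper `parseStrict` are hypothetical names, and the sample strings are constructed apart from the two taken from the report.

```java
import java.sql.Date;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.format.ResolverStyle;

class StrictSqlDate {
    // "uuuu" (proleptic year) rather than "yyyy" (year-of-era): under
    // ResolverStyle.STRICT, "yyyy" would also require an era field.
    private static final DateTimeFormatter STRICT_DATE =
            DateTimeFormatter.ofPattern("uuuu-M-d")
                    .withResolverStyle(ResolverStyle.STRICT);

    /** Hypothetical helper: rejects impossible dates instead of rolling them forward. */
    static Date parseStrict(String s) {
        if (s == null) {
            throw new IllegalArgumentException("date string is null");
        }
        try {
            // STRICT resolution checks day-of-month against the month and leap year.
            LocalDate parsed = LocalDate.parse(s, STRICT_DATE);
            return Date.valueOf(parsed); // Date.valueOf(LocalDate), available since Java 8
        } catch (DateTimeParseException e) {
            throw new IllegalArgumentException("invalid date: " + s, e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first two are the strings from the report.
        String[] samples = {"2019-02-30", "2019-04-31", "2019-02-29", "2020-02-29", "2019-4-30"};
        for (String s : samples) {
            String lenient = String.valueOf(Date.valueOf(s));
            String strict;
            try {
                strict = String.valueOf(parseStrict(s));
            } catch (IllegalArgumentException e) {
                strict = "rejected";
            }
            System.out.println(s + " -> Date.valueOf: " + lenient + ", parseStrict: " + strict);
        }
    }
}
```

Rejecting the string outright keeps the stored value identical to what the caller supplied, so any check performed on the raw input still holds for the persisted date.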


            People

            • Assignee:
              lancea Lance Andersen
              Reporter:
              webbuggrp Webbug Group