Fix "array index out of bounds" problem reported by LGTM.com

jbduncan · rstoyanchev · commit f084b6328646 · 2019-09-03T12:31:13.000+01:00
diff --git a/spring-web/src/main/java/org/springframework/http/ContentDisposition.java b/spring-web/src/main/java/org/springframework/http/ContentDisposition.java
@@ -42,6 +42,9 @@
  */
 public final class ContentDisposition {
 
+	private static final String INVALID_HEADER_FIELD_PARAMETER_FORMAT =
+			"Invalid header field parameter format (as defined in RFC 5987)";
+
 	@Nullable
 	private final String type;
 
@@ -357,7 +360,7 @@ else if (!escaped && ch == '"') {
 	}
 
 	/**
-	 * Decode the given header field param as describe in RFC 5987.
+	 * Decode the given header field param as described in RFC 5987.
 	 * <p>Only the US-ASCII, UTF-8 and ISO-8859-1 charsets are supported.
 	 * @param input the header field param
 	 * @return the encoded header field param
@@ -383,13 +386,18 @@ private static String decodeHeaderFieldParam(String input) {
 				bos.write((char) b);
 				index++;
 			}
-			else if (b == '%') {
-				char[] array = { (char)value[index + 1], (char)value[index + 2]};
-				bos.write(Integer.parseInt(String.valueOf(array), 16));
+			else if (b == '%' && index < value.length - 2) {
+				char[] array = new char[]{(char) value[index + 1], (char) value[index + 2]};
+				try {
+					bos.write(Integer.parseInt(String.valueOf(array), 16));
+				}
+				catch (NumberFormatException ex) {
+					throw new IllegalArgumentException(INVALID_HEADER_FIELD_PARAMETER_FORMAT, ex);
+				}
 				index+=3;
 			}
 			else {
-				throw new IllegalArgumentException("Invalid header field parameter format (as defined in RFC 5987)");
+				throw new IllegalArgumentException(INVALID_HEADER_FIELD_PARAMETER_FORMAT);
 			}
 		}
 		return new String(bos.toByteArray(), charset);
diff --git a/spring-web/src/test/java/org/springframework/http/ContentDispositionTests.java b/spring-web/src/test/java/org/springframework/http/ContentDispositionTests.java
@@ -28,6 +28,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Unit tests for {@link ContentDisposition}
@@ -36,7 +37,6 @@
  */
 public class ContentDispositionTests {
 
-
 	@Test
 	public void parseTest() {
 		ContentDisposition disposition = ContentDisposition
@@ -198,4 +198,22 @@ public void decodeHeaderFieldParamInvalidCharset() {
 				ReflectionUtils.invokeMethod(decode, null, "UTF-16''test"));
 	}
 
+	@Test
+	public void decodeHeaderFieldParamShortInvalidEncodedFilename() {
+		Method decode = ReflectionUtils.findMethod(ContentDisposition.class,
+				"decodeHeaderFieldParam", String.class);
+		ReflectionUtils.makeAccessible(decode);
+		assertThatIllegalArgumentException().isThrownBy(() ->
+				ReflectionUtils.invokeMethod(decode, null, "UTF-8''%A"));
+	}
+
+	@Test
+	public void decodeHeaderFieldParamLongerInvalidEncodedFilename() {
+		Method decode = ReflectionUtils.findMethod(ContentDisposition.class,
+				"decodeHeaderFieldParam", String.class);
+		ReflectionUtils.makeAccessible(decode);
+		assertThatIllegalArgumentException().isThrownBy(() ->
+				ReflectionUtils.invokeMethod(decode, null, "UTF-8''%A.txt"));
+	}
+
 }
