FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240

pbluong · 2019-07-05T04:05:05Z

Hello,

My project is currently using Spring MVC version 5.0.8.

Incidentally, I found a technical error relating to the library.

It is about the method decodeAndNormalizePath of the AbstractFlashMapManager class. If you look at the implementation, you can easily see that it is wrong. An empty path will pass the null check but fail to get the first character.

private String decodeAndNormalizePath(@Nullable String path, HttpServletRequest request) {
/* 231 */       if(path != null) {
/* 232 */          path = this.getUrlPathHelper().decodeRequestString(request, path);
/* 233 */          if(path.charAt(0) != 47) {
/* 234 */             String requestUri = this.getUrlPathHelper().getRequestUri(request);
/* 235 */             path = requestUri.substring(0, requestUri.lastIndexOf(47) + 1) + path;
/* 236 */             path = StringUtils.cleanPath(path);
/*     */          }      }
/*     */ 
/* 239 */       return path;
/*     */    }

org.apache.catalina.core.ApplicationDispatcher.invoke Servlet.service() for servlet [tnjs-servlet] threw exception
 java.lang.StringIndexOutOfBoundsException: String index out of range: 0
	at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:44)
	at java.base/java.lang.String.charAt(String.java:704)
	at org.springframework.web.servlet.support.AbstractFlashMapManager.decodeAndNormalizePath(AbstractFlashMapManager.java:233)
	at org.springframework.web.servlet.support.AbstractFlashMapManager.saveOutputFlashMap(AbstractFlashMapManager.java:204)
	at org.springframework.web.servlet.support.RequestContextUtils.saveOutputFlashMap(RequestContextUtils.java:281)
	at org.springframework.web.servlet.view.RedirectView.renderMergedOutputModel(RedirectView.java:311)
	at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:314)
	at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1325)
	at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1069)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1008)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:866)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

The text was updated successfully, but these errors were encountered:

sbrannen · 2019-07-07T14:43:51Z

Thanks for raising the issue. We'll look into it.

Prior to this commit, if the user configured an empty path for the targetRequestPath property of a FlashMap, the FlashMapManager threw a StringIndexOutOfBoundsException when saving the output FlashMap for the next request. This commit fixes this by skipping the decoding and normalization of an empty target request path. An empty target request path is therefore effectively treated as the root path. Fixes gh-23240

Prior to this commit, if the user configured an empty path for the targetRequestPath property of a FlashMap, the FlashMapManager threw a StringIndexOutOfBoundsException when saving the output FlashMap for the next request. This commit fixes this by skipping the decoding and normalization of an empty target request path. Fixes gh-23240

pbluong · 2019-08-26T02:43:03Z

Hello sbrannen,
Could you deliver the fix in minor releases of Spring 5.0.x?
Thanks,
Binh

spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jul 5, 2019

sbrannen added in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jul 7, 2019

sbrannen changed the title ~~Technical error when decode and normalize path in flash map manager~~ FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path Jul 7, 2019

sbrannen self-assigned this Jul 7, 2019

sbrannen added this to the 5.1.9 milestone Jul 7, 2019

sbrannen added the for: backport-to-5.0.x label Jul 7, 2019

spring-projects-issues added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-5.0.x labels Jul 7, 2019

spring-projects-issues mentioned this issue Jul 7, 2019

FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23245

Closed

sbrannen added the for: backport-to-4.3.x label Jul 7, 2019

spring-projects-issues removed the for: backport-to-4.3.x label Jul 7, 2019

spring-projects-issues mentioned this issue Jul 7, 2019

FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23246

Closed

sbrannen closed this as completed in db8be50 Jul 7, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240

FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240

pbluong commented Jul 5, 2019 •

edited by sbrannen

sbrannen commented Jul 7, 2019

pbluong commented Aug 26, 2019

FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240

FlashMapManager throws StringIndexOutOfBoundsException for empty target URL path #23240

Comments

pbluong commented Jul 5, 2019 • edited by sbrannen

sbrannen commented Jul 7, 2019

pbluong commented Aug 26, 2019

pbluong commented Jul 5, 2019 •

edited by sbrannen