Skip to content

1. Missing EOF checks in MultiDelimiterInterpolatorFilterReaderLineEnding.read() #349

Description

@elharo

Affected version

HEAD

Bug description

File: src/main/java/org/apache/maven/shared/filtering/MultiDelimiterInterpolatorFilterReaderLineEnding.java

Lines 223 and 246 — The escape-detection loop (line 223) and delimiter-detection loop (line 246) are missing ch == -1 EOF checks. The equivalent single-delimiter class InterpolatorFilterReaderLineEnding correctly includes these checks (lines 206 and 221).

In the escape loop (line 223):

if (ch != getEscapeString().charAt(i) || ch == '\n' && !supportMultiLineFiltering) {

Missing: || ch == -1

In the delimiter loop (line 246):

if (ch != begin.charAt(i) || ch == '\n' && !supportMultiLineFiltering) {

Missing: || ch == -1

When EOF (-1) is encountered during escape string or begin-token matching, (char) ch casts -1 to 0xFFFF, which is appended to the key StringBuilder as a garbage character. In the escape loop this is partially mitigated because the mismatch branch clears the key (key.setLength(0)), but the garbage still appears in the key transiently and the key.append((char) ch) at line 221 runs before any check. In the delimiter loop the garbage char is silently consumed.

Impact: When a file ends during a begin-token or escape-string sequence, the reader can output corrupted data (garbage character inserted) or skip bytes.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions