HttpUtil.getContentLength can throw parse error even when default value is supplied
See original GitHub issueFairly straight-forward to fix, but not sure if we should actually change the behavior or just change the javadoc. I can contribute a PR.
Expected behavior
Calling HttpUtil.getContentLength(HttpMessage, int)
should return the default value when the header is not a number, in accordance with the javadoc:
Returns: the content length or defaultValue if this message does not have the “Content-Length” header or its value is not a number. Not to exceed the boundaries of integer.
Actual behavior
For invalid inputs, the method throws an exception:
Exception in thread "main" java.lang.NumberFormatException: For input string: "foo"
at java.base/java.lang.NumberFormatException.forInputString(NumberFormatException.java:67)
at java.base/java.lang.Long.parseLong(Long.java:711)
at java.base/java.lang.Long.parseLong(Long.java:836)
at io.netty.handler.codec.http.HttpUtil.getContentLength(HttpUtil.java:181)
at io.netty.handler.codec.http.HttpUtil.getContentLength(HttpUtil.java:203)
at io.micronaut.http.server.netty.fuzzing.X.main(X.java:12)
Steps to reproduce
Run the reproducer code.
Minimal yet complete reproducer code (or URL to code)
package io.micronaut.http.server.netty.fuzzing;
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.HttpVersion;
public class X {
public static void main(String[] args) {
DefaultFullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "/");
request.headers().add("Content-Length", "foo");
System.out.println(HttpUtil.getContentLength(request, 0));
}
}
Netty version
4.1.73.Final
JVM version (e.g. java -version
)
openjdk version “17.0.1” 2021-10-19 OpenJDK Runtime Environment Temurin-17.0.1+12 (build 17.0.1+12) OpenJDK 64-Bit Server VM Temurin-17.0.1+12 (build 17.0.1+12, mixed mode, sharing)
OS version (e.g. uname -a
)
Linux yawkat-oracle 5.13.0-28-generic #31-Ubuntu SMP Thu Jan 13 17:41:06 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (5 by maintainers)
Top GitHub Comments
I think we should fix the code… Let me do it.
yeah I think we should keep it simple