Fix CharArraysTests.testConstantTimeEquals() #47346
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tlrx
added
:Core/Infra/Core
|
Pinging @elastic/es-core-infra |
alpar-t
reviewed
Oct 1, 2019
| randomAlphaOfLengthNotBeginningWith(value.substring(0, 1), value.length(), value.length())); | ||
| assertFalse("value: " + value + ", other: " + other, CharArrays.constantTimeEquals(value, other)); | ||
| assertFalse(CharArrays.constantTimeEquals(value.toCharArray(), other.toCharArray())); | ||
| final int length = value.length(); |
There was a problem hiding this comment.
I don't have strong feeling about it, but might be more straight forward to make sure this never happens on line 70 above.
There was a problem hiding this comment.
Well, I think this method must support empty strings/char arrays so... :)
alpar-t
approved these changes
Oct 1, 2019
tlrx
added a commit
that referenced
this pull request
Oct 1, 2019
The change #47238 fixed a first issue (#47076) but introduced another one that can be reproduced using: org.elasticsearch.common.CharArraysTests > testConstantTimeEquals FAILED java.lang.StringIndexOutOfBoundsException: String index out of range: 1 at __randomizedtesting.SeedInfo.seed([DFCA64FE2C786BE3:ED987E883715C63B]:0) at java.lang.String.substring(String.java:1963) at org.elasticsearch.common.CharArraysTests.testConstantTimeEquals(CharArraysTests.java:74) REPRODUCE WITH: ./gradlew ':libs:elasticsearch-core:test' --tests "org.elasticsearch.common.CharArraysTests.testConstantTimeEquals" -Dtests.seed=DFCA64FE2C786BE3 -Dtests.security.manager=true -Dtests.locale=fr-CA -Dtests.timezone=Pacific/Johnston -Dcompiler.java=12 -Druntime.java=8 that happens when the first randomized string has a length of 0.
tlrx
added a commit
that referenced
this pull request
Oct 1, 2019
The change #47238 fixed a first issue (#47076) but introduced another one that can be reproduced using: org.elasticsearch.common.CharArraysTests > testConstantTimeEquals FAILED java.lang.StringIndexOutOfBoundsException: String index out of range: 1 at __randomizedtesting.SeedInfo.seed([DFCA64FE2C786BE3:ED987E883715C63B]:0) at java.lang.String.substring(String.java:1963) at org.elasticsearch.common.CharArraysTests.testConstantTimeEquals(CharArraysTests.java:74) REPRODUCE WITH: ./gradlew ':libs:elasticsearch-core:test' --tests "org.elasticsearch.common.CharArraysTests.testConstantTimeEquals" -Dtests.seed=DFCA64FE2C786BE3 -Dtests.security.manager=true -Dtests.locale=fr-CA -Dtests.timezone=Pacific/Johnston -Dcompiler.java=12 -Druntime.java=8 that happens when the first randomized string has a length of 0.
|
Thanks @atorok |
williamrandolph
pushed a commit
to williamrandolph/elasticsearch
that referenced
this pull request
Jan 7, 2021
The change elastic#47238 fixed a first issue (elastic#47076) but introduced another one that can be reproduced using: org.elasticsearch.common.CharArraysTests > testConstantTimeEquals FAILED java.lang.StringIndexOutOfBoundsException: String index out of range: 1 at __randomizedtesting.SeedInfo.seed([DFCA64FE2C786BE3:ED987E883715C63B]:0) at java.lang.String.substring(String.java:1963) at org.elasticsearch.common.CharArraysTests.testConstantTimeEquals(CharArraysTests.java:74) REPRODUCE WITH: ./gradlew ':libs:elasticsearch-core:test' --tests "org.elasticsearch.common.CharArraysTests.testConstantTimeEquals" -Dtests.seed=DFCA64FE2C786BE3 -Dtests.security.manager=true -Dtests.locale=fr-CA -Dtests.timezone=Pacific/Johnston -Dcompiler.java=12 -Druntime.java=8 that happens when the first randomized string has a length of 0.
williamrandolph
added a commit
that referenced
this pull request
Jan 7, 2021
…67168) * Ensure char array test uses different values (#47238) The test of constantTimeEquals could get unlucky and randomly produce the same two strings. This commit tweaks the test to ensure the two string are unique, and the loop inside constantTimeEquals is actually executed (which requires the strings be of the same length). * Fix CharArraysTests.testConstantTimeEquals() (#47346) The change #47238 fixed a first issue (#47076) but introduced another one that can be reproduced using: org.elasticsearch.common.CharArraysTests > testConstantTimeEquals FAILED java.lang.StringIndexOutOfBoundsException: String index out of range: 1 at __randomizedtesting.SeedInfo.seed([DFCA64FE2C786BE3:ED987E883715C63B]:0) at java.lang.String.substring(String.java:1963) at org.elasticsearch.common.CharArraysTests.testConstantTimeEquals(CharArraysTests.java:74) REPRODUCE WITH: ./gradlew ':libs:elasticsearch-core:test' --tests "org.elasticsearch.common.CharArraysTests.testConstantTimeEquals" -Dtests.seed=DFCA64FE2C786BE3 -Dtests.security.manager=true -Dtests.locale=fr-CA -Dtests.timezone=Pacific/Johnston -Dcompiler.java=12 -Druntime.java=8 that happens when the first randomized string has a length of 0. Co-authored-by: Ryan Ernst <[email protected]> Co-authored-by: Tanguy Leroux <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The change #47238 fixed a first issue (#47076) but introduced another one that can be reproduced using:
that happens when the first randomized string has a length of 0.