> Constructing URLPermission with an empty/missing host in the authority (e.g., > `"http:///path"`) could throw `StringIndexOutOfBoundsException`. > > **Problem** > Empty or malformed authorities reach HostPortrange, which does `charAt(0)` > without checking, causing `StringIndexOutOfBoundsException`. > > **Fix** > - `URLPermission.Authority`: after stripping userinfo, fail fast if host part > is empty. > - `HostPortrange`: add guards for null/empty input and leading ':' (port > without host). > - No `HttpURLConnection` changes needed in JDK 26 (the `SecurityManager` > permission path is gone). > > **Compatibility** > Only affects malformed inputs: previously `StringIndexOutOfBoundsException`, > now `IllegalArgumentException`. Valid inputs unaffected. > > **Testing** > New jtreg test: `test/jdk/java/net/URLPermission/EmptyAuthorityTest.java` > verifies `IllegalArgumentException` for malformed authorities and success for > valid ones.
Oumaiyma Intissar has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision: 8367049: URLPermission.<init> throws StringIndexOutOfBoundsException in avm mode ------------- Changes: - all: https://git.openjdk.org/jdk/pull/27896/files - new: https://git.openjdk.org/jdk/pull/27896/files/a62187b4..d154b1db Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=05 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=04-05 Stats: 0 lines in 0 files changed: 0 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/27896.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27896/head:pull/27896 PR: https://git.openjdk.org/jdk/pull/27896
