RFR 8216407 : java.util.UUID.fromString accepts input that does not match expected format

Joe Darcy joe.darcy at oracle.com
Thu Jan 10 07:08:38 UTC 2019

Hi Ivan,

How does this bug relate to the recent discussion of "JDK-8165199: 
UUID.fromString(str) compliance checking?":




On 1/9/2019 3:23 PM, Ivan Gerasimov wrote:
> Hello!
> The string representation of a UUID should conform to RFC4122 
> <https://tools.ietf.org/html/rfc4122>, i.e. each of its parts has to be of 
> a fixed size.
> Unfortunately, the UUID.fromString() method does not keep up to this 
> requirement:
> - First, it permits the leading zeroes of any part to be omitted;
> - Second, it permits some of the UUID parts to be larger than 
> allowed.  In such a case, the value is effectively clipped with & 
> 0x..FFFF.
> While some existing applications may depend on the former case -- i.e. 
> be able to parse UUID with stripped leading zeroes, the latter case is 
> likely to be an error.
> In the past, the check on the input has already been strengthened with 
> JDK-8006627 <https://bugs.openjdk.java.net/browse/JDK-8006627>.
> I propose we go further and make UUID.fromString() reject such 
> string representations that contain too large individual parts.
> If people agree on the proposal, I'll file CSR to fix the change of 
> behavior.
> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8216407
> WEBREV: http://cr.openjdk.java.net/~igerasim/8216407/00/webrev/
> Thanks in advance!
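
The two lenient cases described in the quoted mail, as an added example that is not part of the original thread or of the JDK sources. `StrictUuid`, `parseStrict` and `parseLenientModel` are hypothetical names; the lenient model is an assumption built only from the mail's description (per-part hex parse, then masking), and the sample strings are constructed.

```java
import java.util.UUID;
import java.util.regex.Pattern;

public class StrictUuid {
    // RFC 4122 text form: 8-4-4-4-12 hex digits, every group fixed width.
    private static final Pattern CANONICAL = Pattern.compile(
        "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}");

    /** Hypothetical helper: accept only fixed-width input, otherwise throw. */
    public static UUID parseStrict(String s) {
        if (s == null || !CANONICAL.matcher(s).matches()) {
            throw new IllegalArgumentException("not a fixed-width UUID string");
        }
        return UUID.fromString(s);
    }

    /** Model (assumption) of the lenient behaviour in the mail: parse each part, then mask. */
    static UUID parseLenientModel(String s) {
        String[] p = s.split("-");
        if (p.length != 5) throw new IllegalArgumentException("need 5 parts");
        long msb = Long.parseLong(p[0], 16) & 0xFFFFFFFFL;          // 32 bits kept
        msb = (msb << 16) | (Long.parseLong(p[1], 16) & 0xFFFFL);   // 16 bits kept
        msb = (msb << 16) | (Long.parseLong(p[2], 16) & 0xFFFFL);   // 16 bits kept
        long lsb = Long.parseLong(p[3], 16) & 0xFFFFL;              // 16 bits kept
        lsb = (lsb << 48) | (Long.parseLong(p[4], 16) & 0xFFFFFFFFFFFFL); // 48 bits kept
        return new UUID(msb, lsb);
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "00000001-0002-0003-0004-000000000005",  // canonical
            "1-2-3-4-5",                             // leading zeroes omitted
            "100000001-0002-0003-0004-000000000005", // first part too large, gets clipped
        };
        for (String s : samples) {
            String strict;
            try { strict = parseStrict(s).toString(); }
            catch (IllegalArgumentException e) { strict = "rejected"; }
            System.out.println(s + "\n  lenient model: " + parseLenientModel(s)
                + "\n  strict:        " + strict);
        }
    }
}
```

Under the lenient model all three strings resolve to the same UUID, so code that compares or filters identifiers as strings before parsing can disagree with code that compares the parsed values; validating the fixed-width form first removes that ambiguity.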
