StringIndexOutOfBoundsException or IllegalArgumentException on EAP 7 from io.undertow.util.URLUtils.decode

Solution Verified - Updated -

Issue

We see some POST requests fail with "UT005023 Exception handling request" due to StringIndexOutOfBoundsException or IllegalArgumentException after moving to EAP 7 from EAP 6 or Tomcat.

For example: when sending the request like:

$ curl -v http://localhost:8080/test/ -d "foo=%"

The following StringIndexOutOfBoundsException happens in EAP 7.2.2 or before:

java.lang.StringIndexOutOfBoundsException: String index out of range: 1
    at java.lang.String.charAt(String.java:658)
    at io.undertow.util.URLUtils.decode(URLUtils.java:132)
    at io.undertow.util.URLUtils.decode(URLUtils.java:78)
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:186)
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:252)
    at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:832)
    at io.undertow.servlet.spec.HttpServletRequestImpl.getParameterMap(HttpServletRequestImpl.java:785)

and the following IllegalArgumentException happens in EAP 7.2.3 and 7.2.4:

Caused by: java.lang.IllegalArgumentException: UT000072: Failed to decode url % to charset ISO-8859-1
    at io.undertow.util.URLUtils.decode(URLUtils.java:139)
    at io.undertow.util.URLUtils.decode(URLUtils.java:83)
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:202)
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:252)
    at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:835)
    at io.undertow.servlet.spec.HttpServletRequestImpl.getParameterNames(HttpServletRequestImpl.java:734)
    at org.apache.jsp.index_jsp._jspService(index_jsp.java:223)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
    ... 46 more

Environment

  • JBoss Enterprise Application Platform (EAP) 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content