JDK-8182452 : UUID.fromString accepts invalid UUIDs or throws wrong exception
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util
  • Affected Version: 8
  • Priority: P4
  • Status: Resolved
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2017-06-14
  • Updated: 2019-01-09
  • Resolved: 2017-06-27
Related Reports
Duplicate :  
JDK-8159339 - UUID:fromString() parses incorrect strings without error
Relates :  
JDK-8216407 - java.util.UUID.fromString accepts input that does not match expected format
Description
FULL PRODUCT VERSION :


A DESCRIPTION OF THE PROBLEM :
The documentation of java.util.UUID.fromString states that it throws an IllegalArgumentException if the UUID string passed to it is invalid, yet it accepts blatantly invalid strings and returns weird UUID objects, or it throws the wrong type of exception. The implementation of the method is abysmally poor.


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.util.UUID;

public class UUIDBug {
    public static void main(String... args) {
        // should throw, but instead returns 00000000-0000-0000-0000-000000000000
        System.out.println(UUID.fromString("000000000000000000000000-000000000000000000000000-000000000000000000000000-000000000000000000000000-000000000000000000000000"));
        
        // should throw, but instead returns 33337777-7777-4444-5555-222233334444
        System.out.println(UUID.fromString("1111222233334444-1111222233334444-1111222233334444-1111222233334444-1111222233334444"));
        
        // should throw, but instead returns 0defadef-adef-aced-aced-00000defaced
        System.out.println(UUID.fromString("defaced-defaced-defaced-defaced-defaced"));
        
        // should throw, but instead returns 0000000e-000f-000f-000e-00000000000d
        System.out.println(UUID.fromString("e-f-f-e-d"));
        
        // throws wrong type of exception (NumberFormatException instead of IllegalArgumentException)
        System.out.println(UUID.fromString("This-is-not-a-UUID"));
    }
}
---------- END SOURCE ----------
Comments
This seems to be a known bug and was decided to not fix as per- JDK-8159339 as the bug is already addressed in JDK-9 Closing this as duplicate.
27-06-2017
To reproduce the issue, run the attached test case. In case of JDK 9-ea + 170, it throws java.lang.IllegalArgumentException: UUID string too large , in the first three cases. In the fourth case, all the values are hexadecimal, so they are converted to UUID and in the last case it throws a NumberFormatException. In case of JDK 8u131, it accepts all the first four cases and generated UUID for them. JDK 8 - Fail JDK 8u131 - Fail JDK 9-ea+ 170 - Pass Following is the output on JDK 8u131: 00000000-0000-0000-0000-000000000000 33337777-7777-4444-5555-222233334444 0defadef-adef-aced-aced-00000defaced 0000000e-000f-000f-000e-00000000000d Exception in thread "main" java.lang.NumberFormatException: For input string: "This" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Long.parseLong(Long.java:441) at java.lang.Long.valueOf(Long.java:513) at java.lang.Long.decode(Long.java:665) at java.util.UUID.fromString(UUID.java:198) at JI9049558.main(JI9049558.java:19) On JDK 9, the output is : Exception in thread "main" java.lang.IllegalArgumentException: UUID string too large at java.base/java.util.UUID.fromString(Unknown Source) at JI9049558.main(JI9049558.java:7)
19-06-2017