JDK-8216407 : java.util.UUID.fromString accepts input that does not match expected format
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util
  • Affected Version: 8,11,12
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2019-01-08
  • Updated: 2020-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
tbdUnresolved
Related Reports
Duplicate :  
JDK-8219815 - UUID.fromString() is too lax
Relates :  
JDK-8159339 - UUID:fromString() parses incorrect strings without error
Relates :  
JDK-8182452 - UUID.fromString accepts invalid UUIDs or throws wrong exception
Relates :  
JDK-8165199 - UUID.fromString accepts wrong placements of the dashes
Relates :  
JDK-8188902 - UUID.fromString does not work as expected
Relates :  
JDK-8202760 - UUID.fromString() accepts invalid (short) strings
Description
ADDITIONAL SYSTEM INFORMATION :
Mac OS X 10.13.6, Java 10.0.1, as well as 1.8

A DESCRIPTION OF THE PROBLEM :
The UUID.fromString javadoc states that the input is parsed according to the format specified in UUID.toString, and will throw IllegalArgumentException if the input does not conform to that format.  However, the fromString method accepts a more liberal set of input values than is described in the toString BNF.  

Either the javadoc is misleading about what is allowed, or the implementation is incorrect in what it accepts.

Example (jshell 10.0.1):

jshell> UUID.fromString("1-1-1-1-1")
$2 ==> 00000001-0001-0001-0001-000000000001

Yet the input format does not match what is described in the toString doc.

Also, here is another example where the input is accepted perversely:

jshell> UUID.fromString("5-4-3-DEADBEEF0002-9000000001")
$3 ==> 00000005-0004-0003-0002-009000000001

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
UUID.fromString("5-4-3-DEADBEEF0002-9000000001")

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
an IllegalArgumentException should be thrown
ACTUAL -
UUID object '00000005-0004-0003-0002-009000000001' is returned

---------- BEGIN SOURCE ----------
import java.util.UUID;

class Test{

	public static void main(String[] args) throws Exception{
		String input="5-4-3-DEADBEEF0002-9000000001";
		System.out.println("Calling UUID.fromString with input: "+input);
		try{
			UUID uuid=UUID.fromString(input);
			throw new Exception("Expected IllegalArgumentException exception but got: "+uuid );
		}catch(IllegalArgumentException e){
			System.out.println("OK: caught exception: "+e);
		}
	}
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
The only workaround is to manually validate UUID format before calling UUID.fromString
Comments
Tightening up the parsing of the input in a way that throws IAE for cases where it was not thrown previously is an incompatible change so we have to be careful. In this case it might be better to just clarifying the spec to make it clearer as when IAE is thrown.
08-03-2020
Not much interest in the fix, so I'm restraining myself from fixing this. Leaving the bug open, as there is a clear contradiction between the javadoc and behavior. It needs to be decided what way it should be resolved, though.
11-03-2019
To reproduce the issue, run the attached test case : JDK 11.0.1 - Fail JDK 12-ea+26 - Fail Output: Calling UUID.fromString with input: 5-4-3-DEADBEEF0002-9000000001 Exception in thread "main" java.lang.Exception: Expected IllegalArgumentException exception but got: 00000005-0004-0003-0002-009000000001 at JI9058876.main(JI9058876.java:9)
09-01-2019