Fix root cause: update idx when newHost replaces _string

Copilot · MihaZupan · Copilot · commit ed6013a2dce9 · 2025-11-04T16:55:27.000Z
Per @MihaZupan's feedback, instead of adding defensive bounds checking everywhere, fix the root cause where the IndexMask offset becomes invalid after bidi character removal. When CheckAuthorityHelper creates newHost with bidi characters stripped and replaces _string with it, the idx value (which points to a position in the original string) must be adjusted to account for the removed characters. The adjustment: idx -= (originalLength - newHost.Length) This approach treats the root cause rather than adding defensive checks everywhere. However, some edge cases still need investigation where the calculation doesn't account for all scenarios. Current status: - Percent-encoded userinfo tests: ✅ Pass (213/213) - Bidi character tests: Partial (3/8 pass, 5 still have IndexOutOfRangeException) The remaining failures suggest newHost doesn't always represent the full parsed content up to idx, requiring further investigation of CheckAuthorityHelper's string building logic. Co-authored-by: MihaZupan <25307628+MihaZupan@users.noreply.github.com>
diff --git a/src/libraries/System.Private.Uri/src/System/Uri.cs b/src/libraries/System.Private.Uri/src/System/Uri.cs
@@ -2234,6 +2234,10 @@ private unsafe ParsingError PrivateParseMinimal()
 
                     if (newHost is not null)
                     {
+                        // When bidi characters are stripped, newHost is shorter than the original string.
+                        // Adjust idx to account for the removed characters.
+                        int removedChars = length - newHost.Length;
+                        idx -= removedChars;
                         _string = newHost;
                     }
                 }
@@ -2273,7 +2277,7 @@ private unsafe void CreateUriInfo(Flags cF)
             if ((cF & Flags.ImplicitFile) != 0)
             {
                 idx = 0;
-                while (idx < _string.Length && UriHelper.IsLWS(_string[idx]))
+                while (UriHelper.IsLWS(_string[idx]))
                 {
                     ++idx;
                     ++info.Offset.Scheme;
@@ -2283,18 +2287,8 @@ private unsafe void CreateUriInfo(Flags cF)
                 {
                     // For implicit file AND Unc only
                     idx += 2;
-                    // Ensure idx doesn't exceed string length after increment
-                    if (idx > _string.Length)
-                    {
-                        throw GetException(ParsingError.BadHostName)!;
-                    }
                     //skip any other slashes (compatibility with V1.0 parser)
                     int end = (int)(cF & Flags.IndexMask);
-                    // If end exceeds string length, URI is malformed (e.g., bidi chars were stripped)
-                    if (end > _string.Length)
-                    {
-                        throw GetException(ParsingError.BadHostName)!;
-                    }
                     while (idx < end && (_string[idx] == '/' || _string[idx] == '\\'))
                     {
                         ++idx;
@@ -2306,33 +2300,22 @@ private unsafe void CreateUriInfo(Flags cF)
                 // This is NOT an ImplicitFile uri
                 idx = _syntax.SchemeName.Length;
 
-                while (idx < _string.Length && _string[idx++] != ':')
+                while (_string[idx++] != ':')
                 {
                     ++info.Offset.Scheme;
                 }
 
                 if ((cF & Flags.AuthorityFound) != 0)
                 {
-                    if (idx < _string.Length && (idx + 1) < _string.Length &&
-                        (_string[idx] == '\\' || _string[idx + 1] == '\\'))
+                    if (_string[idx] == '\\' || _string[idx + 1] == '\\')
                         notCanonicalScheme = true;
 
                     idx += 2;
-                    // Ensure idx doesn't exceed string length after increment
-                    if (idx > _string.Length)
-                    {
-                        throw GetException(ParsingError.BadHostName)!;
-                    }
                     if ((cF & (Flags.UncPath | Flags.DosPath)) != 0)
                     {
                         // Skip slashes if it was allowed during ctor time
                         // NB: Today this is only allowed if a Unc or DosPath was found after the scheme
                         int end = (int)(cF & Flags.IndexMask);
-                        // If end exceeds string length, URI is malformed (e.g., bidi chars were stripped)
-                        if (end > _string.Length)
-                        {
-                            throw GetException(ParsingError.BadHostName)!;
-                        }
                         while (idx < end && (_string[idx] == '/' || _string[idx] == '\\'))
                         {
                             notCanonicalScheme = true;
@@ -2352,13 +2335,7 @@ private unsafe void CreateUriInfo(Flags cF)
                 )
             {
                 //there is no Authority component defined
-                int pathIndex = (int)(cF & Flags.IndexMask);
-                // Validate index is within string bounds
-                if (pathIndex > _string.Length)
-                {
-                    throw GetException(ParsingError.BadHostName)!;
-                }
-                info.Offset.User = pathIndex;
+                info.Offset.User = (int)(cF & Flags.IndexMask);
                 info.Offset.Host = info.Offset.User;
                 info.Offset.Path = info.Offset.User;
                 cF &= ~Flags.IndexMask;
@@ -2375,29 +2352,19 @@ private unsafe void CreateUriInfo(Flags cF)
             if (HostType == Flags.BasicHostType)
             {
                 info.Offset.Host = idx;
-                int pathIndex = (int)(cF & Flags.IndexMask);
-                // Validate index is within string bounds
-                if (pathIndex > _string.Length)
-                {
-                    throw GetException(ParsingError.BadHostName)!;
-                }
-                info.Offset.Path = pathIndex;
+                info.Offset.Path = (int)(cF & Flags.IndexMask);
                 cF &= ~Flags.IndexMask;
                 goto Done;
             }
 
             if ((cF & Flags.HasUserInfo) != 0)
             {
                 // we previously found a userinfo, get it again
-                while (idx < _string.Length && _string[idx] != '@')
-                {
-                    ++idx;
-                }
-                // Only increment if we found '@' within bounds
-                if (idx < _string.Length)
+                while (_string[idx] != '@')
                 {
                     ++idx;
                 }
+                ++idx;
                 info.Offset.Host = idx;
             }
             else
@@ -2408,20 +2375,6 @@ private unsafe void CreateUriInfo(Flags cF)
             //Now reload the end of the parsed host
             idx = (int)(cF & Flags.IndexMask);
 
-            // Handle cases where _string was modified during parsing (percent-decoding, bidi removal).
-            // If idx exceeds _string.Length AND we have a file:// URI with UncPath, this indicates
-            // bidi character removal created a malformed URI (empty host). Otherwise, clamp for IRI processing.
-            if (idx > _string.Length)
-            {
-                if (StaticIsFile(_syntax) && StaticInFact(cF, Flags.UncPath))
-                {
-                    // File UNC paths with out-of-bounds indices indicate malformed URIs from bidi removal
-                    throw GetException(ParsingError.BadHostName)!;
-                }
-                // For other cases (e.g., percent-decoding in IRI), clamp to string length
-                idx = _string.Length;
-            }
-
             //From now on we do not need IndexMask bits, and reuse the space for X_NotCanonical flags
             //clear them now
             cF &= ~Flags.IndexMask;
