@finalchild finalchild commented Oct 28, 2025

Summary

Fixes text corruption in FileUtils.readFile when reading multi-byte UTF-8 characters.

Problem: The original implementation read the InputStream into a fixed-size byte buffer (1024 bytes) and decoded each chunk independently. When a multi-byte character sequence was split across a buffer boundary, the decoder received incomplete character data, resulting in replacement characters (�) in the final string.

Solution: Replaced BufferedInputStream with InputStreamReader to handle buffering and character decoding together in a streaming fashion, ensuring multi-byte character sequences are never split.

Note: The implementation is copied from Java 25's InputStreamReader#readAllAsString.

This issue became more significant after fixing UNDERTOW-2337, as large form-data field values are now processed by this vulnerable function. Originally reported in Spring Framework issue #35292.

Issue: UNDERTOW-2655
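
The boundary split described in the summary can be reproduced in isolation. This is an added example, not code from the PR or from Undertow: the class and method names are hypothetical, the input is constructed, and the 1024-byte buffer follows the description above.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;

public class ChunkDecodeDemo {
    // Per-chunk decoding, as the summary describes the old behaviour: each
    // buffer is turned into a String on its own, so a sequence cut by the
    // buffer boundary is decoded as malformed input (U+FFFD).
    static String decodePerChunk(InputStream in, int bufferSize) throws IOException {
        byte[] buf = new byte[bufferSize];
        StringBuilder sb = new StringBuilder();
        int n;
        while ((n = in.read(buf)) != -1) {
            sb.append(new String(buf, 0, n, StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    // Streaming decoding: the reader's decoder holds a trailing partial
    // sequence until the remaining bytes arrive.
    static String decodeStreaming(InputStream in) throws IOException {
        try (Reader reader = new InputStreamReader(in, StandardCharsets.UTF_8)) {
            char[] buf = new char[1024];
            StringBuilder sb = new StringBuilder();
            int n;
            while ((n = reader.read(buf)) != -1) {
                sb.append(buf, 0, n);
            }
            return sb.toString();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: 1023 ASCII bytes, then one 3-byte character
        // (U+D55C) whose encoding straddles the 1024-byte boundary.
        String original = "a".repeat(1023) + "\uD55C";
        byte[] bytes = original.getBytes(StandardCharsets.UTF_8);
        String chunked = decodePerChunk(new ByteArrayInputStream(bytes), 1024);
        String streamed = decodeStreaming(new ByteArrayInputStream(bytes));
        System.out.println("per-chunk intact:     " + chunked.equals(original));
        System.out.println("per-chunk has U+FFFD: " + (chunked.indexOf('\uFFFD') >= 0));
        System.out.println("streaming intact:     " + streamed.equals(original));
    }
}
```

Because the corruption depends on where the value falls relative to the buffer boundary, a regression test needs input whose multi-byte character crosses that offset; short inputs pass with either method.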

@fl4via fl4via added the bug fix Contains bug fix(es) label Oct 28, 2025
Member

@fl4via fl4via left a comment

Hi @finalchild! Thanks for your PR. Can you please create a test for the fix?

@fl4via fl4via added the waiting PR update Awaiting PR update(s) from contributor before merging label Oct 29, 2025
@finalchild
Author

@fl4via
Added tests!

…g multi-byte characters

The readFile method was reading the InputStream into a fixed-size byte buffer and decoding each chunk independently. This caused multi-byte UTF-8 character sequences to be split across buffer boundaries, resulting in text corruption with replacement characters.

Replaced BufferedInputStream with InputStreamReader to handle buffering and character decoding together in a streaming fashion, ensuring multi-byte character sequences are never split.

This issue became more significant after UNDERTOW-2337, as large form-data field values are now processed by this function. Originally reported in Spring Framework issue #35292.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>