Java::JavaLang::ArrayIndexOutOfBoundsException in CGI.unescapeHTML

[mmmries]

Environment

• jruby 9.1.7.0 (2.3.1) 2017-01-11 68056ae Java HotSpot(TM) 64-Bit Server VM 25.121-b13 on 1.8.0_121-b13 +jit [linux-x86_64]
• Ubuntu 14.04.5 LTS x86_64

$ java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

I've also reproduced this on my laptop:

• MacOS Sierra
• jruby 9.1.7.0 (2.3.1) 2017-01-11 68056ae Java HotSpot(TM) 64-Bit Server VM 25.60-b23 on 1.8.0_60-b27 +jit [darwin-x86_64]

Expected Behavior

::CGI.unescapeHTML("DRAMATIC PLAY DOCTOR&#")
=> "DRAMATIC PLAY DOCTOR&#"

Actual Behavior

::CGI.unescapeHTML("DRAMATIC PLAY DOCTOR&#")
Java::JavaLang::ArrayIndexOutOfBoundsException: 22
	from org.jruby.ext.cgi.escape.CGIEscape.optimized_unescape_html(CGIEscape.java:174)
	from org.jruby.ext.cgi.escape.CGIEscape.cgiesc_unescape_html(CGIEscape.java:372)
	from org.jruby.ext.cgi.escape.CGIEscape$INVOKER$s$1$0$cgiesc_unescape_html.call(CGIEscape$INVOKER$s$1$0$cgiesc_unescape_html.gen)
	from org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:338)
	from org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:163)
	from org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:315)
	from org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:73)
	from org.jruby.ir.interpreter.InterpreterEngine.interpret(InterpreterEngine.java:84)
	from org.jruby.internal.runtime.methods.MixedModeIRMethod.INTERPRET_METHOD(MixedModeIRMethod.java:179)
	from org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:165)
	from org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:200)
	from org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:338)
	from org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:163)
	from org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:315)
	from org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:73)
	from org.jruby.internal.runtime.methods.MixedModeIRMethod.INTERPRET_METHOD(MixedModeIRMethod.java:109)
... 328 levels...
	from org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:383)
	from org.jruby.internal.runtime.methods.AliasMethod.call(AliasMethod.java:61)
	from org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:338)
	from org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:163)
	from bin.rails.invokeOther8:require(bin/rails:8)
	from bin.rails.RUBY$script(bin/rails:8)
	from java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	from org.jruby.ir.Compiler$1.load(Compiler.java:90)
	from org.jruby.Ruby.runScript(Ruby.java:823)
	from org.jruby.Ruby.runNormally(Ruby.java:742)
	from org.jruby.Ruby.runNormally(Ruby.java:760)
	from org.jruby.Ruby.runFromMain(Ruby.java:573)
	from org.jruby.Main.doRunFromMain(Main.java:417)
	from org.jruby.Main.internalRun(Main.java:305)
	from org.jruby.Main.run(Main.java:232)
	from org.jruby.Main.main(Main.java:204)

Note: running the exact exmaple above in a fresh irb session does not trigger the behavior, but it is reproducible within my application codebase. I've verified that the .bytes and .to_java_bytes are the same for the string are the same in both cases. I also tried running it as ::CGI.unescapeHTML(description.dup) and it throws the same error. I'm still trying to get a reproducible that I can trigger from a fresh IRB session, but thought I would report this in the meantime

[enebo]

Add spec commit 1ad761b to get coverage on this.

[mmmries]

💙 💚 💛 ❤️ 💙 💚 💛 ❤️ 💙 💚 💛 ❤️ 💙 💚 💛 ❤️ 💙 💚 💛 ❤️

Thanks @enebo! Pulled down jruby head and confirmed that it fixed my reproducible case as well. Glad I opened the issue before spending 3 days hitting my head against a wall