CODEC-313: Fix possible ArrayIndexOutOfBoundsException thrown by QuotedPrintableCodec.encodeQuotedPrintable() method

[arthurscchan]

This fixes a possible ArrayIndexOutOfBoundException in src/main/java/org/apache/commons/codec/language/QuotedPrintableCodec.java thrown by QuotedPrintableCodec.encodeQuotedPrintable() method when the input byte array has less than 3 elements.

This PR adds a conditional check to ensure the index is never negative. It will simply return null if the byte array is too short (with a length less than 3) if strict value is true.

We found this bug using fuzzing by way of OSS-Fuzz. It is reported at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64358.

[garydgregory]

@arthurscchan
You'll need a unit test to prove what the main change does.

[arthurscchan]

Hi, I have added the unit test.

[garydgregory]

@arthurscchan
Please use a better description in PRs and JIRA: Specify the class and method where the exception occurs.

[garydgregory]

@arthurscchan
Please see my comment.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (44e4c4d) 92.27% compared to head (130dafc) 92.28%.
Report is 4 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #221   +/-   ##
=========================================
  Coverage     92.27%   92.28%           
- Complexity     1742     1743    +1     
=========================================
  Files            67       67           
  Lines          4584     4586    +2     
  Branches        709      710    +1     
=========================================
+ Hits           4230     4232    +2     
  Misses          242      242           
  Partials        112      112           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[garydgregory]

@arthurscchan
TY, merged. It looks like encoder exceptions are not in play here.