Guard for empty FileItems in CommonsFileUploadSupport

poutsma · poutsma · commit d3ec9395e17e · 2023-11-08T15:35:17.000+01:00
This commit ensures that a FileItem is not empty before its value is read. Closes gh-31564
diff --git a/spring-web/src/main/java/org/springframework/web/multipart/commons/CommonsFileUploadSupport.java b/spring-web/src/main/java/org/springframework/web/multipart/commons/CommonsFileUploadSupport.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -255,16 +255,21 @@ protected MultipartParsingResult parseFileItems(List<FileItem> fileItems, String
 		for (FileItem fileItem : fileItems) {
 			if (fileItem.isFormField()) {
 				String value;
-				String partEncoding = determineEncoding(fileItem.getContentType(), encoding);
-				try {
-					value = fileItem.getString(partEncoding);
-				}
-				catch (UnsupportedEncodingException ex) {
-					if (logger.isWarnEnabled()) {
-						logger.warn("Could not decode multipart item '" + fileItem.getFieldName() +
-								"' with encoding '" + partEncoding + "': using platform default");
+				if (fileItem.getSize() > 0) {
+					String partEncoding = determineEncoding(fileItem.getContentType(), encoding);
+					try {
+						value = fileItem.getString(partEncoding);
+					}
+					catch (UnsupportedEncodingException ex) {
+						if (logger.isWarnEnabled()) {
+							logger.warn("Could not decode multipart item '" + fileItem.getFieldName() +
+									"' with encoding '" + partEncoding + "': using platform default");
+						}
+						value = fileItem.getString();
 					}
-					value = fileItem.getString();
+				}
+				else {
+					value = "";
 				}
 				String[] curParam = multipartParameters.get(fileItem.getFieldName());
 				if (curParam == null) {
