Skip to content

Comments

Fix Uri.TryUnescapeDataString throwing instead of returning false with small destination buffers#124655

Open
Copilot wants to merge 3 commits intomainfrom
copilot/fix-uri-tryunescapebuffer-issue
Open

Fix Uri.TryUnescapeDataString throwing instead of returning false with small destination buffers#124655
Copilot wants to merge 3 commits intomainfrom
copilot/fix-uri-tryunescapebuffer-issue

Conversation

Copy link
Contributor

Copilot AI commented Feb 20, 2026

Uri.TryUnescapeDataString threw ArgumentOutOfRangeException instead of returning false when the destination span was shorter than the index of the first % in the input:

Uri.TryUnescapeDataString("aa%", [], out _); // threw ArgumentOutOfRangeException

Description

Root cause: When the input contains %, the method uses destination.Slice(indexOfFirstToUnescape) as the initial buffer for ValueStringBuilder. If destination.Length < indexOfFirstToUnescape, this Slice call throws instead of returning false gracefully.

Fix: Added an early-out guard — when destination.Length < indexOfFirstToUnescape, the destination cannot hold even the literal prefix before the first %, so false is returned immediately with charsWritten = 0. This check is placed before the overlapped-buffer detection, so it fires unconditionally in both overlapped and non-overlapped cases.

Tests: Added [Theory] cases covering the reported scenario and similar variants ("aa%" and "aaa%41" with destination sizes smaller than the prefix length).

Original prompt

This section details on the original issue you should resolve

<issue_title>Uri.TryUnescapeDataString may throw with small destination buffers</issue_title>
<issue_description>```c#
Uri.TryUnescapeDataString("aa%", [], out _)

Throws `ArgumentOutOfRangeException` instead of returning `false`.</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>


💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @karelz, @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

…h small destination buffers

Co-authored-by: MihaZupan <25307628+MihaZupan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix ArgumentOutOfRangeException in Uri.TryUnescapeDataString Fix Uri.TryUnescapeDataString throwing instead of returning false with small destination buffers Feb 20, 2026
Copilot AI requested a review from MihaZupan February 20, 2026 16:50
Co-authored-by: MihaZupan <25307628+MihaZupan@users.noreply.github.com>
Copilot AI requested a review from MihaZupan February 20, 2026 17:17
@MihaZupan MihaZupan marked this pull request as ready for review February 20, 2026 17:18
Copilot AI review requested due to automatic review settings February 20, 2026 17:18
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a bug in Uri.TryUnescapeDataString where the method threw ArgumentOutOfRangeException instead of returning false when the destination buffer was smaller than the index of the first % character in the input. The fix adds an early-out guard that checks if the destination can hold the literal prefix before the first escape sequence.

Changes:

  • Added an early-out check in TryUnescapeDataString to return false when destination.Length < indexOfFirstToUnescape
  • Added test cases covering the bug scenario with various input strings and destination sizes

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/libraries/System.Private.Uri/src/System/UriExt.cs Added guard check to prevent ArgumentOutOfRangeException when destination is too small to hold the literal prefix before first %
src/libraries/System.Private.Uri/tests/FunctionalTests/UriEscapingTest.cs Added [Theory] test with 5 test cases covering the bug scenario with different input strings and destination buffer sizes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Uri.TryUnescapeDataString may throw with small destination buffers

2 participants