StringIndexOutOfBoundsException in MessageWriter.java Line 91

[k-a-z-u]

Error

java.lang.StringIndexOutOfBoundsException: begin 0, end -9, length 43
in MessageWriter.write(String)

Reason

In Line 91 of com.sun.xml.ws.util.MessageWriter

super.write(str.substring(0, limit - size));

limit-size was negative, causing a StringIndexOutOfBoundsException

In my case, the involved values were:
size = 4105
str.length() = 43
limit = 4096
limit - size = -9

Steps to Reproduce

Unfortunately, i could not trace the actual order and contents write(...) was called with.
Aforementioned crash happened out of the blue today.
However, i was able to craft something that can trigger the same behavior:

int limit = 4096;
com.sun.xml.ws.util.MessageWriter mw = new com.sun.xml.ws.util.MessageWriter(new StringWriter(), limit);
mw.write(new String(new char[limit - 40]));
mw.write("-- content-transfer-encoding: binary");
mw.write("");
mw.write("--");

should crash with

java.lang.StringIndexOutOfBoundsException: begin 0, end -14, length 2

Workaround

Quick-Fix for me was to reduce the logging level for com.sun.xml.*

[k-a-z-u]

I was able to reproduce the exact order of calls that triggered the issue in production.
Can be summarized as follows:

com.sun.xml.ws.util.MessageWriter mw = new com.sun.xml.ws.util.MessageWriter(new StringWriter(), 4096);
mw.write("---[HTTP response 200]---");
for (int i = 0; i < 999; ++i) {
	mw.write("--uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"); // crashes here, if size >= 4096
	mw.write("Content-ID: <rootpart*[email protected]>");
	mw.write("Content-Type: .....");
	mw.write("Content-Transfer-Encoding: binary");
	mw.write("");
	mw.write(".. some data that is ignored ..");
}

the crash only happens if the order/content of write(...) calls triggered

if (!headers && filtering) {
	...
	size += 18;

which can cause the internal size to grow beyond the 4096 limit
If this is followed by a write() call starting with "--" the crash occurs.