src/java.base/share/classes/java/util/UUID.java

@@ -204,10 +204,20 @@
         int dash2 = name.indexOf('-', dash1 + 1);
         int dash3 = name.indexOf('-', dash2 + 1);
         int dash4 = name.indexOf('-', dash3 + 1);
         int dash5 = name.indexOf('-', dash4 + 1);
 
+        int len1 = dash1;
+        int len2 = dash2 - dash1 - 1;
+        int len3 = dash3 - dash2 - 1;
+        int len4 = dash4 - dash3 - 1;
+        int len5 = len - dash4 - 1;
+
+        if (len1 > 8 || len2 > 4 || len3 > 4 || len4 > 4 || len5 > 12) {
+            throw new IllegalArgumentException("Invalid UUID string: " + name);
+        }
+        
         // For any valid input, dash1 through dash4 will be positive and dash5
         // negative, but it's enough to check dash4 and dash5:
         // - if dash1 is -1, dash4 will be -1
         // - if dash1 is positive but dash2 is -1, dash4 will be -1
         // - if dash1 and dash2 is positive, dash3 will be -1, dash4 will be