(tomcat) branch 10.1.x updated: Fix bad types in JSP runtime

Mon, 01 Jun 2026 02:23:48 -0700 

This is an automated email from the ASF dual-hosted git repository.

rmaucher pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 705805189c Fix bad types in JSP runtime
705805189c is described below

commit 705805189c7341aa5ab3d13124f691ed1755a447
Author: remm <[email protected]>
AuthorDate: Mon Jun 1 11:20:17 2026 +0200

    Fix bad types in JSP runtime
    
    Clarify object factories a little (not usable, so avoid them).
    Catch some out of bounds exceptions parsing EL expressions.
---
 java/org/apache/jasper/compiler/Validator.java        |  4 ++--
 java/org/apache/jasper/runtime/JspRuntimeLibrary.java | 10 ++++++----
 java/org/apache/naming/AbstractRef.java               |  4 ++--
 java/org/apache/naming/ContextAccessController.java   |  4 ++--
 4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/jasper/compiler/Validator.java 
b/java/org/apache/jasper/compiler/Validator.java
index c51d474cc3..a99698c2ba 100644
--- a/java/org/apache/jasper/compiler/Validator.java
+++ b/java/org/apache/jasper/compiler/Validator.java
@@ -1193,10 +1193,10 @@ class Validator {
             // valid attribute value in xml).
 
             if (value != null) {
-                if (n.getRoot().isXmlSyntax() && value.startsWith("%=")) {
+                if (n.getRoot().isXmlSyntax() && value.startsWith("%=") && 
value.length() >= 3) {
                     result = new Node.JspAttribute(tai, qName, uri, localName, 
value.substring(2, value.length() - 1),
                             true, null, dynamic);
-                } else if (!n.getRoot().isXmlSyntax() && 
value.startsWith("<%=")) {
+                } else if (!n.getRoot().isXmlSyntax() && 
value.startsWith("<%=") && value.length() >= 5) {
                     result = new Node.JspAttribute(tai, qName, uri, localName, 
value.substring(3, value.length() - 2),
                             true, null, dynamic);
                 } else {
diff --git a/java/org/apache/jasper/runtime/JspRuntimeLibrary.java 
b/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
index a764c1cf7b..694e58eb89 100644
--- a/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
+++ b/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
@@ -567,7 +567,7 @@ public class JspRuntimeLibrary {
 
         try {
             if (propertyEditorClass != null) {
-                Object[] tmpval = new Integer[values.length];
+                Object[] tmpval = new Object[values.length];
                 for (int i = 0; i < values.length; i++) {
                     tmpval[i] = getValueFromBeanInfoPropertyEditor(t, 
propertyName, values[i], propertyEditorClass);
                 }
@@ -669,7 +669,7 @@ public class JspRuntimeLibrary {
                 }
                 method.invoke(bean, new Object[] { tmpval });
             } else {
-                Object[] tmpval = new Integer[values.length];
+                Object[] tmpval = new Object[values.length];
                 for (int i = 0; i < values.length; i++) {
                     tmpval[i] = getValueFromPropertyEditorManager(t, 
propertyName, values[i]);
                 }
@@ -956,6 +956,7 @@ public class JspRuntimeLibrary {
         Method result = null;
         Class<?> type = null;
         if (GRAAL) {
+            // BeanInfo is approximated with Graal
             String setter = "set" + capitalize(prop);
             Method[] methods = beanClass.getMethods();
             for (Method method : methods) {
@@ -1002,10 +1003,11 @@ public class JspRuntimeLibrary {
         Method result = null;
         Class<?> type = null;
         if (GRAAL) {
-            String setter = "get" + capitalize(prop);
+            // BeanInfo is approximated with Graal
+            String getter = "get" + capitalize(prop);
             Method[] methods = beanClass.getMethods();
             for (Method method : methods) {
-                if (setter.equals(method.getName())) {
+                if (getter.equals(method.getName())) {
                     return method;
                 }
             }
diff --git a/java/org/apache/naming/AbstractRef.java 
b/java/org/apache/naming/AbstractRef.java
index 6e8efb5024..8794a09eba 100644
--- a/java/org/apache/naming/AbstractRef.java
+++ b/java/org/apache/naming/AbstractRef.java
@@ -60,8 +60,8 @@ public abstract class AbstractRef extends Reference {
         if (factory != null) {
             return factory;
         } else {
-            factory = System.getProperty(Context.OBJECT_FACTORIES);
-            if (factory != null) {
+            String objectFactories = 
System.getProperty(Context.OBJECT_FACTORIES);
+            if (objectFactories != null) {
                 return null;
             } else {
                 return getDefaultFactoryClassName();
diff --git a/java/org/apache/naming/ContextAccessController.java 
b/java/org/apache/naming/ContextAccessController.java
index e3d36e7020..13a8fac393 100644
--- a/java/org/apache/naming/ContextAccessController.java
+++ b/java/org/apache/naming/ContextAccessController.java
@@ -56,8 +56,8 @@ public class ContextAccessController {
         if (sm != null) {
             sm.checkPermission(new 
RuntimePermission(ContextAccessController.class.getName() + 
".setSecurityToken"));
         }
-        if ((!securityTokens.containsKey(name)) && (token != null)) {
-            securityTokens.put(name, token);
+        if (token != null) {
+            securityTokens.putIfAbsent(name, token);
         }
     }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to