https://issues.apache.org/bugzilla/show_bug.cgi?id=53986

--- Comment #8 from Konstantin Kolinko <knst.koli...@gmail.com> ---
(In reply to comment #6)
> Found the problem. It is line 429 of JspReader:
> 
> setCurrent(restart);
> 
> This makes the current Mark and the reset Mark the same object and they need
> to be kept separate. Looking at a fix now. It is possible that this issue
> will have wider impacts than just comment tag parsing.

I agree with the fix.

For reference: r1396615 r1396617

For reference: The JspReader.skipUntil(String limit) method performs a search for
the first occurrence of string "limit" and returns its position or null if none
found.

As far as I see, the only place in that method where "current" and "restart"
marks being the same object matters is this line:
  (#433 in 7.0.x, 427 in trunk)

   nextChar();

It is supposed to advance "current", but if the objects are the same, it
advances "restart" mark as well. Thus the next search re-try will start from a
wrong place.


To trigger this issue the following two steps should occur:

1. The first character of "limit" must occur somewhere in the preceding text.
That is to trigger incorrect setCurrent(restart) call to start the issue.

2. It should be incorrect to skip more than 1 character when re-trying the
search from a new place. This is what produces the incorrect result. This can
happen only if the first character of "limit" is repeated somewhere on
non-first position in the "limit" string.

The JspReader.skipUntil(..) method is invoked with the following arguments:
skipUntil("</" + tag);
skipUntil("--%>");
skipUntil("%>");
skipUntil("<");
skipUntil(">");
skipUntil("]]>");
skipUntil(":root");

An '<' cannot occur in "tag". So the only places where the issue can happen are
skipUntil("--%>");
skipUntil("]]>");

I looked for other calls of setCurrent(..) and do not see such problems
elsewhere, so it is only limited to this skipUntil(..) method.

The "]]>" is used to terminate a "<![CDATA[". Noting that this affects JSP
pages only. As far as I see, JSP documents are parsed differently.


The impact of this issue is that if the "limit" string is preceded by "-" or
"]" correspondingly, it will not be recognized. If there is a further occurrence
of the sought string, it may skip there, without a compilation failure.


Example 1. "test.jsp"
<jsp:text><![CDATA[Hello world!] ]]]></jsp:text>

Expected output: "Hello world!] ]"
Actual output in 7.0.32: JasperException: Unterminated CDATA tag


Example 2.
<%-- - ---%>Hello<%-- --%> world!

Note the stray "-" to start the issue. It causes "---%" to be not recognized.

Expected output: "Hello world!"
Actual output in 7.0.32: " world!"

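The aliasing described in this comment, as an added example that is not Tomcat's code and not part of the original message: a simplified Java model of the search loop in which `Mark` holds only an offset. The class name, the `shareMark` switch and the two inputs (the text following `<![CDATA[` and `<%--` in Examples 1 and 2) are assumptions made for the illustration.

```java
// Added illustration: a simplified model of the search loop, not Tomcat source.
public class SkipUntilAliasing {
    /** Mutable position marker standing in for Jasper's Mark (just an offset here). */
    static final class Mark { int pos; }

    private final String text;
    private final boolean shareMark;   // true models the defect, false keeps the marks separate
    private Mark current = new Mark();

    SkipUntilAliasing(String text, boolean shareMark) {
        this.text = text;
        this.shareMark = shareMark;
    }
    int peekChar() { return current.pos < text.length() ? text.charAt(current.pos) : -1; }
    int nextChar() {
        int c = peekChar();
        if (c != -1) current.pos++;    // also moves restart once both names share one object
        return c;
    }

    /** Returns the offset where limit starts, or -1 if it is not found. */
    int skipUntil(String limit) {
        Mark restart = new Mark();
        search:
        for (int start = current.pos, ch = nextChar(); ch != -1;
                start = current.pos, ch = nextChar()) {
            if (ch != limit.charAt(0)) continue;
            restart.pos = current.pos; // retry point: just past the first matched character
            for (int i = 1; i < limit.length(); i++) {
                if (peekChar() == limit.charAt(i)) { nextChar(); continue; }
                if (shareMark) current = restart;   // defect: one object from now on
                else current.pos = restart.pos;     // copy the position instead
                continue search;
            }
            return start;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed inputs: the text after "<![CDATA[" and "<%--" in Examples 1 and 2.
        String[][] cases = { { "Hello world!] ]]]></jsp:text>", "]]>" },
                             { " - ---%>Hello<%-- --%> world!", "--%>" } };
        for (String[] c : cases)
            for (boolean shared : new boolean[] { true, false })
                System.out.println(c[1] + (shared ? " shared: " : " separate: ")
                        + new SkipUntilAliasing(c[0], shared).skipUntil(c[1]));
    }
}
```

With the shared mark, the `]]>` search fails and the `--%>` search lands on the later occurrence, which corresponds to the two actual outputs reported in the comment.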