[Geotools-devel] [jira] Created: (GEOT-2380) Dangerous use of method String>>split in org.geotools.gml2.bindings.GMLCoordinatesTypeBinding

Tue, 10 Mar 2009 07:13:36 -0700 

Dangerous use of method String>>split in 
org.geotools.gml2.bindings.GMLCoordinatesTypeBinding
---------------------------------------------------------------------------------------------

                 Key: GEOT-2380
                 URL: http://jira.codehaus.org/browse/GEOT-2380
             Project: GeoTools
          Issue Type: Bug
          Components: ext xml-xsd
    Affects Versions: 2.5.5, 2.6-M2
            Reporter: Christian Mueller


The use of  the String.split(regexp) in method 

parse(ElementInstance instance, Node node, Object value)

is dangerous. The following code segments does nasty things if cs is an regexp 
Metchar (like | . * ),.

            //next tokenize by coordinate seperator
            String[] oords = tuple.split(cs);

Using a  StringTokenizer helps. I rewrote the while loop and anything works 
fine.

  while (tuples.hasMoreTokens()) {
        String tuple = tuples.nextToken();

        //next tokenize by coordinate seperator
        StringTokenizer oords = new StringTokenizer(tuple,cs);

        //next tokenize by decimal
        String x = null;

        //next tokenize by decimal
        String y = null;

        //next tokenize by decimal
        String z = null;

        //must be at least 1D
        String tmp = oords.nextToken();
        int count=1;
        x = ".".equals(decimal) ? tmp : tmp.replaceAll(decimal, ".");

        
        if (oords.hasMoreTokens()) {
                tmp = oords.nextToken();
                count++;
            y = ".".equals(decimal) ? tmp : tmp.replaceAll(decimal, ".");
        }

        
        if (oords.hasMoreTokens()) {
                tmp = oords.nextToken();
                count++;
            z = ".".equals(decimal) ? tmp : tmp.replaceAll(decimal, ".");
        }

        if (seq == null) {
            seq = csFactory.create(ncoords, count);
        }

        seq.setOrdinate(i, CoordinateSequence.X, Double.parseDouble(x));

        if (y != null) {
            seq.setOrdinate(i, CoordinateSequence.Y, Double.parseDouble(y));
        }

        if (z != null) {
            seq.setOrdinate(i, CoordinateSequence.Z, Double.parseDouble(z));
        }

        i++;
    }


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
_______________________________________________
Geotools-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geotools-devel

Reply via email to