An incomplete fix for the NPE bugs in RangeToken.java
-----------------------------------------------------

                 Key: XERCESJ-1552
                 URL: https://issues.apache.org/jira/browse/XERCESJ-1552
             Project: Xerces2-J
          Issue Type: Bug
          Components: Other
            Reporter: Guangtai Liang
            Priority: Critical


The fix in revision 928735 was aimed at removing an NPE bug on "this.ranges" in 
the method "dumpRanges" of the file 
"/xerces/java/trunk/src/org/apache/xerces/impl/xpath/regex/RangeToken.java", 
but it is incomplete. 
Since "this.ranges" is a class field and could also be null during 
run-time execution, it should also be null-checked before being dereferenced in 
other methods. 

The buggy code locations where the same fix needs to be applied are as follows: 

Lines 497 and 505 of the method "match"; 

    boolean match(int ch) {
        if (this.map == null)  this.createMap();
        boolean ret;
        if (this.type == RANGE) {
            if (ch < MAPSIZE)
                return (this.map[ch/32] & (1<<(ch&0x1f))) != 0;
            ret = false;
            for (int i = this.nonMapIndex;  i < this.ranges.length;  i += 2) {
                if (this.ranges[i] <= ch && ch <= this.ranges[i+1])
                    return true;
            }
        } else {
            if (ch < MAPSIZE)
                return (this.map[ch/32] & (1<<(ch&0x1f))) == 0;
            ret = true;
            for (int i = this.nonMapIndex;  i < this.ranges.length;  i += 2) {
                if (this.ranges[i] <= ch && ch <= this.ranges[i+1])
                    return false;
            }
        }
        return ret;
    }

Line 517 of the method "createMap". 

    private void createMap() {
        int asize = MAPSIZE/32;                 // 32 is the number of bits in `int'.
        int [] map = new int[asize];
        int nonMapIndex = this.ranges.length;
        for (int i = 0; i < asize; ++i) {
            map[i] = 0;
        }
        for (int i = 0; i < this.ranges.length;  i += 2) {
            int s = this.ranges[i];
            int e = this.ranges[i+1];
            if (s < MAPSIZE) {
                for (int j = s; j <= e && j < MAPSIZE; j++) {
                    map[j/32] |= 1<<(j&0x1f); // s&0x1f : 0-31
                }
            } 
            else {
                nonMapIndex = i;
                break;
            }
            if (e >= MAPSIZE) {
                nonMapIndex = i;
                break;
            }
        }
        this.map = map;
        this.nonMapIndex = nonMapIndex;
        //for (int i = 0;  i < asize;  i ++)  System.err.println("Map: "+Integer.toString(this.map[i], 16));
    }



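The guard the report asks for, as an added example that is not part of the original message or the Xerces source: a simplified, hypothetical class `NullSafeRangeDemo` mirrors `match` and `createMap` and treats a null `ranges` array as an empty range set. That treatment is an assumption, since the message does not show how revision 928735 handled null; the `negated` flag stands in for the `this.type == RANGE` check, and the `MAPSIZE` value is chosen for the demo.

```java
// Added example: simplified stand-in for the pattern in the report, not Xerces source.
public class NullSafeRangeDemo {
    static final int MAPSIZE = 256;   // demo value (assumption)
    private final int[] ranges;       // sorted [start, end] pairs; may be null
    private final boolean negated;    // stands in for the RANGE / non-RANGE type check
    private int[] map;
    private int nonMapIndex;

    NullSafeRangeDemo(int[] ranges, boolean negated) {
        this.ranges = ranges;
        this.negated = negated;
    }

    boolean match(int ch) {
        if (this.map == null) this.createMap();
        boolean hit;
        if (ch < MAPSIZE) {
            hit = (this.map[ch / 32] & (1 << (ch & 0x1f))) != 0;
        } else {
            hit = false;
            // Guard: a null array is treated as "no ranges", so the loop is skipped.
            int len = (this.ranges == null) ? 0 : this.ranges.length;
            for (int i = this.nonMapIndex; i < len; i += 2) {
                if (this.ranges[i] <= ch && ch <= this.ranges[i + 1]) { hit = true; break; }
            }
        }
        return hit != negated;
    }

    private void createMap() {
        // Same guard here: createMap is reached from match before any loop runs.
        int len = (this.ranges == null) ? 0 : this.ranges.length;
        int[] map = new int[MAPSIZE / 32];   // Java zero-fills new arrays
        int nonMapIndex = len;
        for (int i = 0; i < len; i += 2) {
            int s = this.ranges[i], e = this.ranges[i + 1];
            if (s >= MAPSIZE) { nonMapIndex = i; break; }
            for (int j = s; j <= e && j < MAPSIZE; j++) map[j / 32] |= 1 << (j & 0x1f);
            if (e >= MAPSIZE) { nonMapIndex = i; break; }
        }
        this.map = map;
        this.nonMapIndex = nonMapIndex;
    }
    public static void main(String[] args) {
        NullSafeRangeDemo empty = new NullSafeRangeDemo(null, false);    // constructed inputs
        NullSafeRangeDemo notEmpty = new NullSafeRangeDemo(null, true);
        NullSafeRangeDemo az = new NullSafeRangeDemo(new int[] {'a', 'z', 0x400, 0x4ff}, false);
        System.out.println(empty.match('a') + " " + notEmpty.match(0x1000) + " " + az.match(0x450));
    }
}
```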