DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5191>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5191 JspReader.skipUntil() misss overlaping partial matches Summary: JspReader.skipUntil() misss overlaping partial matches Product: Tomcat 3 Version: 3.2.x Nightly Platform: All OS/Version: All Status: NEW Severity: Minor Priority: Other Component: Jasper AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] When the inner loop in org.apache.jasper.compiler.JspReader detects a partial match and continues the outter loop, it doesn't reset the file position. If the trailing characters of the partial match are actually the leading characters of a full match, the full match will be missed. Here's an example. If a JSP author accidentially types a closing comment with an extra dash (<%-- blah .... ---%>), when Parser$Comment searches for the end comment, the failed partial match aginst "---" leaves the mark beyond the second dash, and the close comment is missed, resulting in a ParseException. I'll admit that's pretty obscure. And it's not 100% clear from the JSP spec that a leading space is not required for the close comment. But it dosen't hurt to be kind to the JSP author. I did my testing aginst the head of the tomcat_32 branch. But the same code exists in 3.3 as well as 4.0. The exception thrown in the above example is org.apache.jasper.compiler.ParseException: Unterminated <%-- tag at org.apache.jasper.compiler.Parser$Comment.accept(Parser.java:412) at org.apache.jasper.compiler.Parser.parse(Parser.java:1077) at org.apache.jasper.compiler.Parser.parse(Parser.java:1042) at org.apache.jasper.compiler.Parser.parse(Parser.java:1038) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:209) at org.apache.jasper.servlet.JspServlet.doLoadJSP(JspServlet.java:612) at org.apache.jasper.servlet.JasperLoader12.loadJSP(JasperLoader12.java:146) at org.apache.jasper.servlet.JspServlet.loadJSP(JspServlet.java:542) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadIfNecessary(JspServle t.java:258) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:2 68) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:429) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:500) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405) at org.apache.tomcat.core.Handler.service(Handler.java:287) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:806) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:752) at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConne ctionHandler.java:213) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501) at java.lang.Thread.run(Thread.java:479) There's a simple patch that I'll attach that covers my example and failes to break any of the JSP tests in watchdog. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
