[Bug 55552] New: Potential NullPointerException in compiled JSPs if expected result is of primitive type

Wed, 11 Sep 2013 23:20:21 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=55552

            Bug ID: 55552
           Summary: Potential NullPointerException in compiled JSPs if
                    expected result is of primitive type
           Product: Tomcat 8
           Version: 8.0.0-RC1
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Jasper
          Assignee: dev@tomcat.apache.org
          Reporter: arvids.grabovs...@gmail.com

Created attachment 30821
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30821&action=edit
Web application with required libraries and JSP file to repredouce the NPE

If JSP includes a line "<c:if test="${nonExisting}">Hello,world!</c:if>" where
"nonExisting" is attribute that does not exist, then NullPointerException will
be thrown. The cause is at org.apache.jasper.compiler.JspUtil.java at line #421
which generates something like:
((java.lang.Boolean)
org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${nonExisting}",
java.lang.Boolean.class, (javax.servlet.jsp.PageContext)_jspx_page_context,
null, false)).booleanValue()

The result of proprietaryEvaluate() is null (because of EL 3.0 changes
regarding coercing), hence calling booleanValue() will throw NPE. The latest
changes in EL specification does require guarding against such null pointer
access (otherwise it will break lots of existing applications). I really hope
that NPE is not intended behavior.

Steps to reproduce:
* put jstl 1.2+ required jar files in WEB-INF/lib (or tomcat/lib)
* Create a simple JSP file with line above (<c:if
test="${nonExisting}">Hello,world!</c:if>)
* Exception is thrown upon invoking jsp:
java.lang.NullPointerException
    org.apache.jsp.index_jsp._jspx_meth_c_005fif_005f0(index_jsp.java:109)
    org.apache.jsp.index_jsp._jspService(index_jsp.java:81)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
   
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:403)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:347)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:91)

As far as I understand, this is direct result of incompatibility between EL 3.0
(http://download.oracle.com/otndocs/jcp/el-3_0-fr-eval-spec/index.html) and 2.2
as stated in EL spec this is intended behavior of EL. Here's the citation
(Section A.4):
"The default coercion for nulls to non-primitive types (except String) returns 
nulls. For instance, a null coerced to Boolean now returns a null, while a 
null coerced to boolean returns false."

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to