Xerces2-J
  1. Xerces2-J
  2. XERCESJ-1554

An incomplete fix for the NPE bugs in IdentityConstraint.java

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Won't Fix
    • Affects Version/s: 2.6.2
    • Fix Version/s: None
    • Component/s: Other

      Description

      The fix revision 320527 was aimed to remove an NPE bug on the "this.fSelector" in the method "getSelectorStr" of the file

      "/xerces/java/trunk/src/org/apache/xerces/impl/xs/identity/IdentityConstraint.java" , but it is incomplete.
      Since the "this.fSelector" is a class field and also could be null during the run-time execution, it should also be null-checked before being dereferenced in other methods.

      The buggy code locations the same fix needs to be applied at are as bellows:

      Line 148 of the method "equals";

      public boolean equals(IdentityConstraint id)

      { boolean areEqual = fIdentityConstraintName.equals(id.fIdentityConstraintName); if(!areEqual) return false; areEqual = fSelector.toString().equals(id.fSelector.toString()); if(!areEqual) return false; areEqual = (fFieldCount == id.fFieldCount); if(!areEqual) return false; for(int i=0; i<fFieldCount; i++) if(!fFields[i].toString().equals(id.fFields[i].toString())) return false; return true; }

      // equals

      1. attP006.xsd
        0.7 kB
        Guangtai Liang

        Activity

        Hide
        Michael Glavassevich added a comment -

        Xerces 2.6.2 was released in 2004. You're looking at something which is now 8 years old. The community moved on from that long ago. We do not patch old releases.

        What you are claiming is an issue is not possible with the current codebase.

        Show
        Michael Glavassevich added a comment - Xerces 2.6.2 was released in 2004. You're looking at something which is now 8 years old. The community moved on from that long ago. We do not patch old releases. What you are claiming is an issue is not possible with the current codebase.
        Hide
        Guangtai Liang added a comment -

        I have provided the affects version info and an invalid schema file.
        Thanks.

        Show
        Guangtai Liang added a comment - I have provided the affects version info and an invalid schema file. Thanks.
        Hide
        Guangtai Liang added a comment -

        When using this invalid schema file, NPE will be issued in the method "equals"
        It would be nice if you would fix this. Thanks.

        Show
        Guangtai Liang added a comment - When using this invalid schema file, NPE will be issued in the method "equals" It would be nice if you would fix this. Thanks.
        Hide
        Michael Glavassevich added a comment -

        You still haven't stated what version of Xerces you're looking at. There have been many changes made to the codebase through out the years, in particular multiple improvements to error handling of invalid schemas [1]. If an error (e.g. a missing selector) occurred while processing an identity constraint it's never added to the schema model.

        [1] https://issues.apache.org/jira/browse/XERCESJ-1372

        Show
        Michael Glavassevich added a comment - You still haven't stated what version of Xerces you're looking at. There have been many changes made to the codebase through out the years, in particular multiple improvements to error handling of invalid schemas [1] . If an error (e.g. a missing selector) occurred while processing an identity constraint it's never added to the schema model. [1] https://issues.apache.org/jira/browse/XERCESJ-1372
        Hide
        Guangtai Liang added a comment - - edited

        Please refer to the invalid schema file which was provided for reproducing the NPE issue (https://issues.apache.org/jira/browse/XERCESJ-1078)

        If fSelector can be null in that case, I think the null-check should also be made before the dereference on fSelector in the method "equals".

        The detailed description on this issue is copied here :

        "in case of an invalid schema file with the error "s4s-elt-must-match.2"
        (The content of 'identity constraint' must match (annotation?, selector, field+). Not enough elements were found.) the attribute fSelector might be null and thus the method getSelectorStr() causes a NPE.

        In my case, anylsing invalid schema files (as good as possible) it is important not to have this exception, so I'm working with my own patched version of Xerces2-J. It would be nice if you would fix this somewhen.

        Example from schema test suite to preproduce:
        msxsdtest\identityConstraint\idB059.xsd

        My fix is quite simple: just check on null:

        Old:
        return fSelector.toString();

        New:
        return fSelector == null ? null : fSelector.toString();
        "

        Show
        Guangtai Liang added a comment - - edited Please refer to the invalid schema file which was provided for reproducing the NPE issue ( https://issues.apache.org/jira/browse/XERCESJ-1078 ) If fSelector can be null in that case, I think the null-check should also be made before the dereference on fSelector in the method "equals". The detailed description on this issue is copied here : "in case of an invalid schema file with the error "s4s-elt-must-match.2" (The content of 'identity constraint' must match (annotation?, selector, field+). Not enough elements were found.) the attribute fSelector might be null and thus the method getSelectorStr() causes a NPE. In my case, anylsing invalid schema files (as good as possible) it is important not to have this exception, so I'm working with my own patched version of Xerces2-J. It would be nice if you would fix this somewhen. Example from schema test suite to preproduce: msxsdtest\identityConstraint\idB059.xsd My fix is quite simple: just check on null: Old: return fSelector.toString(); New: return fSelector == null ? null : fSelector.toString(); "
        Hide
        Michael Glavassevich added a comment -

        An identity constraint is required to have a selector. The schema loader will have already verified that before the IdentityConstraint is created.

        Show
        Michael Glavassevich added a comment - An identity constraint is required to have a selector. The schema loader will have already verified that before the IdentityConstraint is created.

          People

          • Assignee:
            Unassigned
            Reporter:
            Guangtai Liang
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 10m
              10m
              Remaining:
              Remaining Estimate - 10m
              10m
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development