You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@xalan.apache.org by bu...@apache.org on 2003/07/29 18:27:46 UTC

DO NOT REPLY [Bug 21974] New: - Runtime exception from DOM2SAX

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21974>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21974

Runtime exception from DOM2SAX

           Summary: Runtime exception from DOM2SAX
           Product: XalanJ2
           Version: 2.5Dx
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: org.apache.xalan.xsltc
        AssignedTo: xalan-dev@xml.apache.org
        ReportedBy: derrick.koes@smith-nephew.com
                CC: derrick.koes@smith-nephew.com


org.apache.xalan.xsltc.trax.DOM2SAX.java line 350 does the processing to 
convert a DOM text node to a SAX text.  However, if malicious code has set the 
DOM text node to null, the processing will stop with a runtime exception 
because an attempt to call toCharArray() on a null object has been made.
Below is a snippet from the defective code.  Following that is a possible fix.

case Node.TEXT_NODE:
	    final String data = node.getNodeValue();
            _sax.characters(data.toCharArray(), 0, data.length());


case Node.TEXT_NODE:
	    final String data = node.getNodeValue();
        if (null != data) {
	    _sax.characters(data.toCharArray(), 0, data.length());
        }