Bug 38476 - org.apache.catalina.startup.TldConfig doesn't handle missing tlds well
Summary: org.apache.catalina.startup.TldConfig doesn't handle missing tlds well
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 5.5.14
Hardware: Other other
: P2 minor (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-01 16:25 UTC by Fabrizio Giustina
Modified: 2006-04-13 13:42 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Fabrizio Giustina 2006-02-01 16:25:27 UTC
Missing tlds are not handled properly in TldConfig.tldScanTld(). Instead of
throwing an exception for the missing resource, an empty InputStream is created
and so an exception is generated by the xml parser

there is a bad catch around line 536:

try {
    inputSource = new InputSource(
                context.getServletContext().getResourceAsStream(resourcePath));
     if (inputSource == null) {
                throw new IllegalArgumentException
                    (sm.getString("contextConfig.tldResourcePath",
                                  resourcePath));
     }
     tldScanStream(inputSource);

====
as you can see "if (inputSource == null)" can't never be executed because of the
previous new InputSource(...) line. Should be fixed with:

InputStream stream = context.getServletContext().getResourceAsStream(resourcePath);

  if (stream == null) {
    throw new IllegalArgumentException
      (sm.getString("contextConfig.tldResourcePath",
                    resourcePath));
  }

            inputSource = new InputSource(stream );

            tldScanStream(inputSource);
Comment 1 Yoav Shapira 2006-04-13 20:42:27 UTC
Good suggestion.  I've applied a slightly modified version of the patch which
does what you suggest but also checks for a null input source afterwards as the
current behavior does, just in case there's a regression possibility I'm not
aware of.  Better safe than sorry ;)  Thanks for contributing this.