Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DatatypeConverter.parseBoolean converts invalid strings to true #1695

Closed
johannesherr opened this issue Jan 30, 2023 · 1 comment · Fixed by #1741
Closed

DatatypeConverter.parseBoolean converts invalid strings to true #1695

johannesherr opened this issue Jan 30, 2023 · 1 comment · Fixed by #1741

Comments

@johannesherr
Copy link

johannesherr commented Jan 30, 2023
edited
Loading

The method parseBoolean in javax.xml.bind.DatatypeConverterImpl is supposed to convert only the values "true" and "1" to true (while ignoring leading and trailing whitespace). It, however, converts all strings to true that start with "tru" and are 4-5 characters long. For example:

DatatypeConverter.parseBoolean("trux"); // -> true
DatatypeConverter.parseBoolean("truu"); // -> true
DatatypeConverter.parseBoolean("truxx"); // -> true
DatatypeConverter.parseBoolean("truuu"); // -> true

This is caused by these segments in parseBoolean:

case 't':
    String strTrue = "rue";
    do {
        ch = literal.charAt(i++);
    } while ((strTrue.charAt(strIndex++) == ch) && i < len && strIndex < 3);

    if (strIndex == 3) {
        value = true;
    } else {
        return false;
    }

and:

if (i < len) {
    do {
        ch = literal.charAt(i++);
    } while (WhiteSpaceProcessor.isWhiteSpace(ch) && i < len);
}

if (i == len) {
    return value;
} else {
    return null;
}

In the first snippet value is assigned true also when the loop was left after comparing the third character, because the expression strTrue.charAt(strIndex++) == ch was false (that is when there is as mismatch between 'e' and the current character). strIndex will still be 3 (because it is incremented unconditionally).

That explains why "trux" is converter to true. The second snippet explains why the additional character in "truxx" is also ignored. If we haven't read the input completely the second input checks if there is whitespace to ignore. However it also uses an unconditional increment of the reading position, which causes the code to skip over the offending last character. Therefore i == len holds and the previously assigned true is returned.
@antoniosanct
Copy link
Contributor

antoniosanct commented Aug 24, 2023
edited
Loading

Hi, @johannesherr:
According to DatatypeConverterImpl javadoc, this class is deprecated and it would remove at any moment. In fact, the same comment recommends the use of jakartaee/jaxb-api version. Please, open an issue in this project.

https://github.com/jakartaee/jaxb-api/blob/master/api/src/main/java/jakarta/xml/bind/DatatypeConverterImpl.java

A possible solution:

case 't':
    String strTrue = "rue";
    do {
        ch = literal.charAt(i++);
    } while ((strTrue.charAt(strIndex++) == ch) && i < len && strIndex < 3);

    if (strTrue.charAt(strIndex-1) == literal.charAt(i-1)) {
        value = true;
    } else {
        return false;
    }

Regards,
Antonio.

laurentschoelens added a commit to laurentschoelens/jaxb-ri that referenced this issue Sep 6, 2023
@laurentschoelens
[eclipse-ee4j#1695] Fix parsing of 'tru...' values inconsistent to tr…
78ea12b 
…ue boolean
@laurentschoelens laurentschoelens mentioned this issue Sep 6, 2023
Merged
laurentschoelens added a commit to laurentschoelens/jaxb-ri that referenced this issue Sep 17, 2023
@laurentschoelens
[eclipse-ee4j#1695] Fix parsing of 'tru...' values inconsistent to tr…
0af9676 
…ue boolean

impl now has same results as api but returning null
instead of exception according to jakartaee/jaxb-api#240
laurentschoelens added a commit to laurentschoelens/jaxb-ri that referenced this issue Sep 17, 2023
@laurentschoelens
[eclipse-ee4j#1695] Fix parsing of 'tru...' values inconsistent to tr…
70e116f 
…ue boolean

impl now has same results as api but returning null
instead of exception according to jakartaee/jaxb-api#240
lukasj pushed a commit that referenced this issue Oct 6, 2023
@laurentschoelens @lukasj
[#1695] Fix parsing of 'tru...' values inconsistent to true boolean
36eb718 
impl now has same results as api but returning null
instead of exception according to jakartaee/jaxb-api#240
lukasj pushed a commit to lukasj/jaxb-ri that referenced this issue Oct 9, 2023
@laurentschoelens @lukasj
[eclipse-ee4j#1695] Fix parsing of 'tru...' values inconsistent to tr…
0d6e691 
…ue boolean

impl now has same results as api but returning null
instead of exception according to jakartaee/jaxb-api#240

(cherry picked from commit 36eb718)
lukasj pushed a commit that referenced this issue Oct 13, 2023
@laurentschoelens @lukasj
[#1695] Fix parsing of 'tru...' values inconsistent to true boolean
327a231 
impl now has same results as api but returning null
instead of exception according to jakartaee/jaxb-api#240

(cherry picked from commit 36eb718)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[#1695] Fix parsing of 'tru...' values inconsistent to true boolean laurentschoelens/jaxb-ri
2 participants
@antoniosanct @johannesherr