8284548: Invalid XPath expression causes StringIndexOutOfBoundsException

Reviewed-by: bae Backport-of: e58378a58e91bd10fc60031148b558230d43686f
2025-12-10 10:13:47 -06:00 · 2022-04-08 14:06:47 +02:00 · 2022-04-08 14:06:47 +02:00 · e4d4fcf030
commit e4d4fcf030
parent aabcc6de72
2 changed files with 54 additions and 2 deletions
--- a/jaxp/src/com/sun/org/apache/xpath/internal/compiler/Lexer.java
+++ b/jaxp/src/com/sun/org/apache/xpath/internal/compiler/Lexer.java
@ -27,7 +27,6 @@ import java.util.Vector;
 import com.sun.org.apache.xalan.internal.res.XSLMessages;
 import com.sun.org.apache.xml.internal.utils.PrefixResolver;
 import com.sun.org.apache.xpath.internal.res.XPATHErrorResources;
-import java.util.Objects;
 import javax.xml.transform.TransformerException;
 import jdk.xml.internal.XMLSecurityManager;
 import jdk.xml.internal.XMLSecurityManager.Limit;
@ -450,7 +449,7 @@ class Lexer
   * @return the next char
   */
  private char peekNext(String s, int index) {
-      if (index >= 0 && s.length() > index) {
+      if (index >= 0 && index < s.length() - 1) {
          return s.charAt(index + 1);
      }
      return 0;
--- a/jdk/test/javax/xml/jaxp/XPath/InvalidXPath.java
+++ b/jdk/test/javax/xml/jaxp/XPath/InvalidXPath.java
@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2022, SAP SE. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8284548
+ * @summary Test whether the expected exception is thrown when
+ *           trying to compile an invalid XPath expression.
+ * @run main InvalidXPath
+ */
+
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+
+public class InvalidXPath {
+
+    public static void main(String... args) {
+        // define an invalid XPath expression
+        final String invalidXPath = ">>";
+
+        // expect XPathExpressionException when the invalid XPath expression is compiled
+        try {
+            XPathFactory.newInstance().newXPath().compile(invalidXPath);
+        } catch (XPathExpressionException e) {
+            System.out.println("Caught expected exception: " + e.getClass().getName() +
+                    "(" + e.getMessage() + ").");
+        } catch (Exception e) {
+            System.out.println("Caught unexpected exception: " + e.getClass().getName() +
+                    "(" + e.getMessage() + ")!");
+            throw e;
+        }
+    }
+}