The error is originated from acquireTemplateSource()
private Object acquireTemplateSource(String path) throws IOException
{
int asterisk = path.indexOf(ASTERISK);
// Shortcut in case there is no acquisition
if(asterisk == -1)
{
return mainLoader.findTemplateSource(path);
}
StringTokenizer tok = new StringTokenizer(path, "/");
int lastAsterisk = -1;
List tokpath = new ArrayList();
while(tok.hasMoreTokens())
{
String pathToken = tok.nextToken();
if(pathToken.equals(ASTERISKSTR))
{
if(lastAsterisk != -1)
{
tokpath.remove(lastAsterisk);
}
lastAsterisk = tokpath.size();
}
tokpath.add(pathToken);
}
String basePath = concatPath(tokpath, 0, lastAsterisk);
Within concatPath(tokpath, 0, lastAsterisk); we provide -1 as lastAsterisk and within the method concatPath a new StringBuffer is created with a negative size which results in this exception :
Caused by: java.lang.NegativeArraySizeException: null
at java.lang.AbstractStringBuilder.<init>(AbstractStringBuilder.java:45) ~[na:1.6.0_37]
at java.lang.StringBuffer.<init>(StringBuffer.java:91) ~[na:1.6.0_37]
at freemarker.cache.TemplateCache.concatPath(TemplateCache.java:650) ~[freemarker-2.3.16.jar:2.3.16]
at freemarker.cache.TemplateCache.acquireTemplateSource(TemplateCache.java:618) ~[freemarker-2.3.16.jar:2.3.16]
at freemarker.cache.TemplateCache.findTemplateSource(TemplateCache.java:590) ~[freemarker-2.3.16.jar:2.3.16]
at freemarker.cache.TemplateCache.getTemplate(TemplateCache.java:347) ~[freemarker-2.3.16.jar:2.3.16]
at freemarker.cache.TemplateCache.getTemplate(TemplateCache.java:235) ~[freemarker-2.3.16.jar:2.3.16]
at freemarker.template.Configuration.getTemplate(Configuration.java:488) ~[freemarker-2.3.16.jar:2.3.16]
at freemarker.template.Configuration.getTemplate(Configuration.java:459) ~[freemarker-2.3.16.jar:2.3.16]
The parameter given to acquireTemplateSource was /GB/ab*cd/index.jsp
That's not the proper error for sure, but
"/GB/ab*cd/index.jsp"
wouldn't work anyway, as the*
must be the only character in the path step.Indeed, that's also what I understand from the code.
However if a visitor from our website enters this url manually, we want to display a 404, this however isn't possible now because we get this exception.
I guess it can be a FileNotFoundException in 2.3.20. I will check and see.
However, missing templates usually shouldn't mean 404, they are 500. That's because the public URL should not directly address a template, but an "action" or some other MVC Controller-defined URL, and if there's no template behind an URL that exists according to the Controller, then that's clearly an internal application issue. Also, allowing users to directly specify template names has security implications, and with 2.3.16 you are already behind with two related security fixes (see change logs). So be careful with what
TemplateLoader
you are using.Last edit: Dániel Dékány 2013-06-20
Fixed on Git, will be released with 2.3.20.
Fixed in 2.3.20.