Spencer Stecko created XERCESC-2234:
---------------------------------------
Summary: Xerces does not correctly interpret negative jaxp
processing limits as "NO LIMIT"
Key: XERCESC-2234
URL: https://issues.apache.org/jira/browse/XERCESC-2234
Project: Xerces-C++
Issue Type: Bug
Components: Validating Parser (XML Schema)
Affects Versions: 3.2.3
Reporter: Spencer Stecko
According to the oracle documentation, many of the limits to jaxp processing
settings can be set to zero or a number less than zero to indicate no limit:
[https://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html]
However, when I do this (with jdk.xml.maxOccurLimit), I get the following stack
trace:
{code:java}
Caused by: org.xml.sax.SAXParseException: Current configuration of the parser
doesn't allow the expansion of a content model for a complex type to contain
more than -1 nodes.
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204)
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
at
com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.reportSchemaErr(XSDHandler.java:4253)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.reportSchemaFatalError(XSDHandler.java:4232)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSAttributeChecker.reportSchemaFatalError(XSAttributeChecker.java:1569)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSAttributeChecker.checkAttributes(XSAttributeChecker.java:1201)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSAttributeChecker.checkAttributes(XSAttributeChecker.java:960)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDAbstractParticleTraverser.traverseSeqChoice(XSDAbstractParticleTraverser.java:204)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDAbstractParticleTraverser.traverseSequence(XSDAbstractParticleTraverser.java:160)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDComplexTypeTraverser.processComplexContent(XSDComplexTypeTraverser.java:1043)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDComplexTypeTraverser.traverseComplexTypeDecl(XSDComplexTypeTraverser.java:335)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDComplexTypeTraverser.traverseGlobal(XSDComplexTypeTraverser.java:191)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.traverseSchemas(XSDHandler.java:1479)
at
com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.parseSchema(XSDHandler.java:662)
at
com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadSchema(XMLSchemaLoader.java:617)
at
com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:576)
at
com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:542)
at
com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory.newSchema(XMLSchemaFactory.java:276)
at javax.xml.validation.SchemaFactory.newSchema(SchemaFactory.java:669)
{code}
I have no idea what this repo I found is, but it appears to include some sort
of mirror of the apache xerces codebase, and the bug is clearly visible here:
[https://github.com/elastic/openjdkMirror/blob/f437b1097e6a395e91382cdfc7ec94355b554c51/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java#L378]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
