entitizeContent CDATA loop iterating too many times (causes assertion error or
ArrayIndexOutOfBoundsException in replace)
-------------------------------------------------------------------------------------------------------------------------
Key: XMLBEANS-404
URL: https://issues.apache.org/jira/browse/XMLBEANS-404
Project: XMLBeans
Issue Type: Bug
Affects Versions: Version 2.4
Reporter: Andrew Parker
Priority: Critical
In the entitizeContent routine in Saver.java there is a loop responsible for
modifying bad characters and the ">" in "]]>" when surrounding the text with
"<![CDATA[" and "]]>". The loop iterates _lastEmitCch times, but the first two
characters of the text have already been processed.
This causes problems in one of two rare scenarios:
The last character in _buf is a ']' and the next two unused characters are
']' and '>' respectively
The last two characters in _buf are both ']' and the next unused character is
a '>'
In these instances replace invokes System.arraycopy with invalid parameters as
i is outside of the normal _out/_in range resulting in an
ArrayIndexOutOfBoundsException or an assertion error is they are enabled.
In addition, the first two characters are not checked against isBadChar as
they're processed outside of this loop.
I believe that a quick and dirty fix for the ArrayIndexOutOfBoundsException
(but not isBadChar) would be to change this particular loop from:
for ( int cch = _lastEmitCch ; cch > 0 ; cch-- )
to
for ( int cch = _lastEmitCch ; cch > 2; cch-- )
We don't get the isBadChar problem, so I would be grateful if you could confirm
the quick and dirty fix above fixes the ArrayIndexOutOfBoundsException as I'd
like to patch our production system.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@xmlbeans.apache.org
For additional commands, e-mail: dev-h...@xmlbeans.apache.org
