[ https://issues.apache.org/jira/browse/XERCESJ-1398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12765254#action_12765254 ]
Karl Wright commented on XERCESJ-1398:
--------------------------------------
Use the included code. Feed in an XML document that exceeds the Java heap size
and see what happens.
import org.xml.sax.XMLReader;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.XMLReaderFactory;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import java.io.*;

/** Minimal SAX driver used to reproduce the report: the file named on the
 *  command line is parsed with handlers that do nothing, so any memory growth
 *  observed comes from the parser's own input buffering, not from this code.
 */
public class XMLStreamTest
{
    /** Entry point. Parses argv[0] with a plain SAX XMLReader; all external
     *  entity references are resolved to empty documents.
     */
    public static void main(String[] argv)
    {
        try
        {
            XMLReader xr = XMLReaderFactory.createXMLReader();
            xr.setContentHandler(new MyContentHandler());
            xr.setErrorHandler(new MyErrorHandler());
            xr.setEntityResolver(new MyEntityResolver());
            xr.setFeature("http://apache.org/xml/features/continue-after-fatal-error", true);
            File f = new File(argv[0]);
            InputStream is = new FileInputStream(f);
            try
            {
                InputSource isc = new InputSource(is);
                xr.parse(isc);
            }
            finally
            {
                is.close();
            }
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    /** Content handler that only delegates to the no-op DefaultHandler. */
    protected static class MyContentHandler extends DefaultHandler
    {
        public void characters(char[] ch, int start, int length)
            throws SAXException
        {
            super.characters(ch, start, length);
        }

        public void startElement(String namespaceURI, String localName,
            String qName, Attributes atts)
            throws SAXException
        {
            super.startElement(namespaceURI, localName, qName, atts);
        }

        public void endElement(String namespaceURI, String localName,
            String qName)
            throws SAXException
        {
            super.endElement(namespaceURI, localName, qName);
        }

        public void startDocument()
            throws SAXException
        {
            super.startDocument();
        }

        public void endDocument()
            throws SAXException
        {
            super.endDocument();
        }
    }

    /** Error handler; DefaultHandler.fatalError() rethrows the exception. */
    protected static class MyErrorHandler extends DefaultHandler
    {
        public void fatalError(SAXParseException exception)
            throws SAXException
        {
            super.fatalError(exception);
        }
    }

    /** Entity resolver that never touches the network or file system. */
    protected static class MyEntityResolver implements org.xml.sax.EntityResolver
    {
        public org.xml.sax.InputSource resolveEntity(String publicId, String systemId)
            throws SAXException, IOException
        {
            // ALL references resolve to blank documents
            return new org.xml.sax.InputSource(new ByteArrayInputStream(
                "<?xml version='1.0' encoding='UTF-8'?>".getBytes("UTF-8")));
        }
    }
}
> Supplying document without content-type headers causes entire stream to be
> buffered in memory, even when using SAX API
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: XERCESJ-1398
> URL: https://issues.apache.org/jira/browse/XERCESJ-1398
> Project: Xerces2-J
> Issue Type: Bug
> Components: SAX
> Affects Versions: 2.9.1
> Environment: Debian Linux, Sun JDK 1.5.0_20
> Reporter: Karl Wright
>
> If the parser needs to autodetect the encoding of the input stream, it wraps
> the input stream using the RewindableInputStream class within
> XMLEntityManager. But this class buffers everything that is read from the
> stream, even after the autodetection is complete (and no possibility of
> rewind being used exists anymore). It is therefore trivial to submit XML to
> xerces2-j which causes an "OutOfMemoryError" exception to be thrown, which
> could lead to a denial of service under appropriate conditions.
> The fix I created for this involved adding a method "stopBuffering()" to the
> RewindableInputStream class, which shuts off further buffering by that class.
> I call this method when the encoding has been decided upon (i.e. right
> before createReader is called, everywhere).
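A defender-side workaround for the behaviour the report describes, added here as an example that is not part of the issue or of Xerces: cap the number of bytes the parser may consume from an untrusted stream, so that whole-stream buffering in the affected version fails fast with an IOException instead of exhausting the heap. BoundedInputStream and the 1 KiB and 1 MiB caps are hypothetical names and values chosen for the demo; the XML document is constructed inline.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLReaderFactory;

/** Hypothetical wrapper: throws IOException once more than maxBytes have been
 *  read, so the parser's internal buffer can never grow past the cap. */
public class BoundedInputStream extends FilterInputStream {
    private final long maxBytes;
    private long count;

    public BoundedInputStream(InputStream in, long maxBytes) {
        super(in);
        this.maxBytes = maxBytes;
    }

    private void account(long n) throws IOException {
        if (n > 0 && (count += n) > maxBytes) {
            throw new IOException("input exceeds limit of " + maxBytes + " bytes");
        }
    }

    @Override public int read() throws IOException {
        int b = in.read();
        if (b != -1) account(1);
        return b;
    }

    @Override public int read(byte[] buf, int off, int len) throws IOException {
        int n = in.read(buf, off, len);   // FilterInputStream.read(byte[]) routes here
        account(n);
        return n;
    }

    // Demo: a constructed 8 KiB document is rejected under a 1 KiB cap and
    // parses normally under a 1 MiB cap.
    public static void main(String[] args) throws Exception {
        StringBuilder sb = new StringBuilder("<root>");
        while (sb.length() < 8192) sb.append("<e>payload</e>");
        byte[] doc = sb.append("</root>").toString().getBytes("UTF-8");
        for (long cap : new long[] {1024L, 1L << 20}) {
            XMLReader xr = XMLReaderFactory.createXMLReader();
            xr.setContentHandler(new DefaultHandler());
            try {
                xr.parse(new InputSource(new BoundedInputStream(new ByteArrayInputStream(doc), cap)));
                System.out.println("cap " + cap + ": parsed");
            } catch (IOException e) {
                System.out.println("cap " + cap + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The cap bounds the parser's buffer regardless of how the encoding is detected, so it remains useful as defence in depth even after a build containing the stopBuffering() fix is deployed.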
--
This message is automatically generated by JIRA.