[
https://issues.apache.org/jira/browse/XERCESJ-1401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Wright updated XERCESJ-1401:
---------------------------------
Attachment: _rsscache_8151189277828639951tmp
_rsscache_2819932159454940416tmp
_rsscache_966918958277376189tmp
These are some documents (which are in fact not really XML) that cause the
failure.
> When operating with "continue-after-fatal-error" set to true, it is possible
> to cause xerces to go into an infinite loop
> ------------------------------------------------------------------------------------------------------------------------
>
> Key: XERCESJ-1401
> URL: https://issues.apache.org/jira/browse/XERCESJ-1401
> Project: Xerces2-J
> Issue Type: Bug
> Components: SAX
> Affects Versions: 2.9.1
> Environment: jdk 1.5.0_20
> Reporter: Karl Wright
> Attachments: _rsscache_2819932159454940416tmp,
> _rsscache_8151189277828639951tmp, _rsscache_966918958277376189tmp,
> XMLStreamTest.java
>
>
> If the feature "continue-after-fatal-error" is enabled, AND a non-default
> error handler is used under SAX, it is possible with the right feed to cause
> the parser to hang in a tight infinite loop.
> Below see the fix delta (from our SVN, so the numbers will not match up with
> yours):
> Index: src/org/apache/xerces/impl/XMLDocumentScannerImpl.java
> ===================================================================
> --- src/org/apache/xerces/impl/XMLDocumentScannerImpl.java (revision
> 102478)
> +++ src/org/apache/xerces/impl/XMLDocumentScannerImpl.java (working copy)
> @@ -783,6 +783,8 @@
> else {
>
> reportFatalError("MarkupNotRecognizedInProlog",
> null);
> + // Don't loop forever!
> + fEntityScanner.scanChar();
> }
> }
> else if
> (isValidNameStartChar(fEntityScanner.peekChar())) {
> @@ -802,6 +804,8 @@
> else {
>
> reportFatalError("MarkupNotRecognizedInProlog",
> null);
> + // Don't loop forever!
> + fEntityScanner.scanChar();
> }
> break;
> }
> @@ -872,6 +876,8 @@
> }
> case SCANNER_STATE_REFERENCE: {
> reportFatalError("ReferenceIllegalInProlog",
> null);
> + // Don't loop forever!
> + fEntityScanner.scanChar();
> }
> }
> } while (complete || again);
> @@ -1277,6 +1283,8 @@
> else {
> reportFatalError("MarkupNotRecognizedInMisc",
> null);
> + // Skip forward one character, otherwise we
> loop forever.
> + fEntityScanner.scanChar();
> }
> break;
> }
> I will also be attaching a test harness and example documents as followup
> comments.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
