[jira] Resolved: (XERCESJ-1398) Supplying document without content-type headers causes entire stream to be buffered in memory, even when using SAX API

Thu, 27 May 2010 12:42:01 -0700 

     [ 
https://issues.apache.org/jira/browse/XERCESJ-1398?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Glavassevich resolved XERCESJ-1398.
-------------------------------------------

    Fix Version/s: 2.10.0
       Resolution: Fixed

I had a change of heart on this one. There are some cases (involving byte 
sequences span buffers) where Xerces' built-in readers will hit this issue, 
causing a slow growing memory leak which is unlikely to be noticed unless 
you're dealing with gigabyte / terabyte sized documents. It is a leak 
nonetheless and I've fixed it in SVN rev 944964.

> Supplying document without content-type headers causes entire stream to be 
> buffered in memory, even when using SAX API
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: XERCESJ-1398
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1398
>             Project: Xerces2-J
>          Issue Type: Bug
>          Components: SAX
>    Affects Versions: 2.9.1
>         Environment: Debian Linux, Sun JDK 1.5.0_20
>            Reporter: Karl Wright
>            Assignee: Michael Glavassevich
>             Fix For: 2.10.0
>
>
> If the parser needs to autodetect the encoding of the input stream, it wraps 
> the input stream using the RewindableInputStream class within 
> XMLEntityManager.  But this class buffers everything that is read from the 
> stream, even after the autodetection is complete (and no possibility of 
> rewind being used exists anymore).  It is therefore trivial to submit XML to 
> xerces2-j which causes an "OutOfMemoryError" exception to be thrown, which 
> could lead to a denial of service under appropriate conditions.
> The fix I created for this involved adding a method "stopBuffering()" to the 
> RewindableInputStream class, which shuts off further buffering by that class. 
>  I call this method when the encoding has been decided upon (i.e. right 
> before createReader is called, everywhere).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to