[
https://issues.apache.org/jira/browse/XERCESJ-1398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12872338#action_12872338
]
Michael Glavassevich edited comment on XERCESJ-1398 at 5/27/10 3:43 PM:
------------------------------------------------------------------------
I had a change of heart on this one. There are some cases (involving byte
sequences span buffers) where Xerces' built-in readers will hit this issue,
causing a slow growing memory leak (which is unlikely to be noticed unless
you're dealing with gigabyte / terabyte sized documents). It is a leak
nonetheless and I've fixed it in SVN rev 944964.
was (Author: [email protected]):
I had a change of heart on this one. There are some cases (involving byte
sequences span buffers) where Xerces' built-in readers will hit this issue,
causing a slow growing memory leak which is unlikely to be noticed unless
you're dealing with gigabyte / terabyte sized documents. It is a leak
nonetheless and I've fixed it in SVN rev 944964.
> Slow growing memory leak from XMLEntityManager.RewindableInputStream.
> ---------------------------------------------------------------------
>
> Key: XERCESJ-1398
> URL: https://issues.apache.org/jira/browse/XERCESJ-1398
> Project: Xerces2-J
> Issue Type: Bug
> Components: SAX
> Affects Versions: 2.9.1
> Environment: Debian Linux, Sun JDK 1.5.0_20
> Reporter: Karl Wright
> Assignee: Michael Glavassevich
> Fix For: 2.10.0
>
>
> If the parser needs to autodetect the encoding of the input stream, it wraps
> the input stream using the RewindableInputStream class within
> XMLEntityManager. But this class buffers everything that is read from the
> stream, even after the autodetection is complete (and no possibility of
> rewind being used exists anymore). It is therefore trivial to submit XML to
> xerces2-j which causes an "OutOfMemoryError" exception to be thrown, which
> could lead to a denial of service under appropriate conditions.
> The fix I created for this involved adding a method "stopBuffering()" to the
> RewindableInputStream class, which shuts off further buffering by that class.
> I call this method when the encoding has been decided upon (i.e. right
> before createReader is called, everywhere).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
