[ 
https://issues.apache.org/jira/browse/XERCESJ-1759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17761470#comment-17761470
 ] 

Elliotte Rusty Harold commented on XERCESJ-1759:
------------------------------------------------

The first question I'll ask is whether this is quadratic, exponential, or 
linear. A 20X increase in memory size from raw file to DOM is not unheard of in 
this space by any means. 

If you add a closing tag at the end does the memory use suddenly drop?  

It's possible you simply discovered that Xerces's DOM just isn't that memory 
efficient. 




> Parsing xml cannot limit the maximum element depth, resulting in excessive 
> memory usage and DOS.
> ------------------------------------------------------------------------------------------------
>
>                 Key: XERCESJ-1759
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1759
>             Project: Xerces2-J
>          Issue Type: Bug
>          Components: JAXP (javax.xml.parsers), JAXP (javax.xml.validation)
>    Affects Versions: 2.12.2
>            Reporter: shuailingliang
>            Priority: Major
>              Labels: security
>
> When parsing an xml file similar to the following by calling the 
> javax.xml.parsers.DocumentBuilder#parse(java.io.File) method, the elements 
> are nested layer by layer and there is no element closing tag. Since the 
> depth of elements cannot be verified, the array in 
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl#fElementStack will 
> continue to increase the number of QName objects, resulting in excessive 
> memory and DOS problems.
>  
> <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
> <A a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A 
> a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A 
> a="1"><A a="1"><A a="1"><A a="1"><A a="1"><A a="1">…
>  
> After testing, we found that a file of 12.93M will cause an OOM exception in 
> a service with a maximum heap memory of 250M.
>  
> We checked the jdk information and found that we can limit the nesting depth 
> of xml elements by setting the system property jdk.xml.maxElementDepth. We 
> hope xerces can solve this problem.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
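
An added example, not code from this thread or from the Xerces project: one way an application can bound element nesting itself is a streaming SAX pre-check that aborts as soon as a depth limit is exceeded, run before the input reaches `DocumentBuilder#parse`. The class name `DepthGuardDemo`, the handler `DepthLimitingHandler`, the limit of 100 and the sample inputs are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class DepthGuardDemo {
    /** Hypothetical handler: aborts the parse once nesting exceeds maxDepth. */
    static final class DepthLimitingHandler extends DefaultHandler {
        private final int maxDepth;
        private int depth;
        DepthLimitingHandler(int maxDepth) { this.maxDepth = maxDepth; }

        @Override
        public void startElement(String uri, String local, String qName, Attributes atts)
                throws SAXException {
            if (++depth > maxDepth) {
                throw new SAXException("element depth " + depth + " exceeds limit " + maxDepth);
            }
        }

        @Override
        public void endElement(String uri, String local, String qName) {
            depth--;
        }
    }

    /** True if the document parses within the limit; false if too deep or not well-formed. */
    static boolean withinDepth(byte[] xml, int maxDepth) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        try {
            factory.newSAXParser().parse(new ByteArrayInputStream(xml), new DepthLimitingHandler(maxDepth));
            return true;
        } catch (SAXException e) {
            return false; // rejected before the rest of the input is scanned
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: 10,000 nested, never-closed elements (the shape in the report) and a small closed document.
        String open = "<A a=\"1\">";
        byte[] nested = ("<?xml version=\"1.0\"?>" + open.repeat(10_000)).getBytes(StandardCharsets.UTF_8);
        byte[] flat = "<A a=\"1\"><A a=\"1\"/></A>".getBytes(StandardCharsets.UTF_8);
        System.out.println("nested accepted: " + withinDepth(nested, 100));
        System.out.println("flat accepted:   " + withinDepth(flat, 100));
    }
}
```

Because the handler throws from `startElement`, the parser stops at the first element past the limit, so the scanner's element stack never grows beyond that depth regardless of how large the input is.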
