[jira] [Commented] (IVYDE-354) xml bomb in workspace causes hang in Ivy code during Search or Synchronize operations

Thu, 19 Dec 2013 03:40:09 -0800 

    [ 
https://issues.apache.org/jira/browse/IVYDE-354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13852824#comment-13852824
 ] 

Matt Hillsdon commented on IVYDE-354:
-------------------------------------

Thanks for the quick response.  I've tested the Jenkins build with this change 
and it works fine.

> xml bomb in workspace causes hang in Ivy code during Search or Synchronize 
> operations
> -------------------------------------------------------------------------------------
>
>                 Key: IVYDE-354
>                 URL: https://issues.apache.org/jira/browse/IVYDE-354
>             Project: IvyDE
>          Issue Type: Bug
>          Components: ivy editor, ivysettings editor
>    Affects Versions: 2.2.0.final
>            Reporter: Matt Hillsdon
>            Assignee: Nicolas Lalevée
>             Fix For: trunk
>
>         Attachments: content-type.patch
>
>
> My Eclipse workspace contains a number of XML file test cases for various 
> projects.  These include several with examples of "XML bombs" / Billion laugh 
> attacks.  See http://en.wikipedia.org/wiki/Billion_laughs for an example.
> These did not cause an issue for Eclipse until I installed IvyDE.  I now get 
> hangs during workspace searches and SVN synchronize operations when they hit 
> these files.  This is easiest to reproduce by doing a full workspace text 
> search.
> IvyDE implements its own subclasses of XMLContentDescriber, which perform a 
> full SAX parse of the XML file.  Looking at other Eclipse plugins in this 
> area, it seems there is support for identifying the root element provided by 
> XMLRootElementContentDescriber2.  Switching to this does not exhibit the same 
> issues (presumably down to their XML parser configuration).  I've attached a 
> sample patch.  My patch doesn't delete the Ivy(File|Settings)ContentDescriber 
> classes, which are no longer used.
> This does involve a behaviour change in that it only recognises ivy files by 
> the root XML element.  Are there valid IvyDE uses for ivy-module / 
> ivy-settings files that are embedded in other XML elements?
> Example trace:
> "Worker-11" prio=10 tid=0x09983c00 nid=0x7c1c runnable [0x5feb8000]
>    java.lang.Thread.State: RUNNABLE
>         at org.apache.xerces.impl.XMLEntityScanner.scanContent(Unknown Source)
>         at 
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanContent(Unknown 
> Source)
>         at 
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
>  Source)
>         at 
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown 
> Source)
>         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>         at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>         at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
>         at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown 
> Source)
>         at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
>         at 
> org.apache.ivyde.internal.eclipse.XMLHelper.parse(XMLHelper.java:76)
>         at 
> org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.checkCriteria(IvyFileContentDescriber.java:70)
>         at 
> org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.describe(IvyFileContentDescriber.java:53)
>         at 
> org.eclipse.core.internal.content.ContentTypeCatalog.describe(ContentTypeCatalog.java:218)
>  ... 



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Reply via email to