ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolas Lalevée (JIRA) <j...@apache.org>
Subject [jira] [Resolved] (IVYDE-354) xml bomb in workspace causes hang in Ivy code during Search or Synchronize operations
Date Sat, 14 Dec 2013 17:15:07 GMT

     [ https://issues.apache.org/jira/browse/IVYDE-354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nicolas Lalevée resolved IVYDE-354.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: trunk
         Assignee: Nicolas Lalevée

I didn't know about these XML bombs, that is fun !
When I implemented this, I also copy cat another plugin, probably the ant one. But the method
you find works perfectly. Patch applied. Thanks !

> xml bomb in workspace causes hang in Ivy code during Search or Synchronize operations
> -------------------------------------------------------------------------------------
>
>                 Key: IVYDE-354
>                 URL: https://issues.apache.org/jira/browse/IVYDE-354
>             Project: IvyDE
>          Issue Type: Bug
>          Components: ivy editor, ivysettings editor
>    Affects Versions: 2.2.0.final
>            Reporter: Matt Hillsdon
>            Assignee: Nicolas Lalevée
>             Fix For: trunk
>
>         Attachments: content-type.patch
>
>
> My Eclipse workspace contains a number of XML file test cases for various projects. 
These include several with examples of "XML bombs" / Billion laugh attacks.  See http://en.wikipedia.org/wiki/Billion_laughs
for an example.
> These did not cause an issue for Eclipse until I installed IvyDE.  I now get hangs during
workspace searches and SVN synchronize operations when they hit these files.  This is easiest
to reproduce by doing a full workspace text search.
> IvyDE implements its own subclasses of XMLContentDescriber, which perform a full SAX
parse of the XML file.  Looking at other Eclipse plugins in this area, it seems there is support
for identifying the root element provided by XMLRootElementContentDescriber2.  Switching to
this does not exhibit the same issues (presumably down to their XML parser configuration).
 I've attached a sample patch.  My patch doesn't delete the Ivy(File|Settings)ContentDescriber
classes, which are no longer used.
> This does involve a behaviour change in that it only recognises ivy files by the root
XML element.  Are there valid IvyDE uses for ivy-module / ivy-settings files that are embedded
in other XML elements?
> Example trace:
> "Worker-11" prio=10 tid=0x09983c00 nid=0x7c1c runnable [0x5feb8000]
>    java.lang.Thread.State: RUNNABLE
>         at org.apache.xerces.impl.XMLEntityScanner.scanContent(Unknown Source)
>         at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanContent(Unknown
Source)
>         at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
>         at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
>         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>         at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>         at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
>         at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
>         at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
>         at org.apache.ivyde.internal.eclipse.XMLHelper.parse(XMLHelper.java:76)
>         at org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.checkCriteria(IvyFileContentDescriber.java:70)
>         at org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.describe(IvyFileContentDescriber.java:53)
>         at org.eclipse.core.internal.content.ContentTypeCatalog.describe(ContentTypeCatalog.java:218)
>  ... 



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Mime
View raw message