xalan-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steven J. Hathaway (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (XALANC-743) XalanOutputStream::transcode falls into infinite loop on 4 bytes unicode till out of memory
Date Sun, 28 Apr 2013 23:10:16 GMT

    [ https://issues.apache.org/jira/browse/XALANC-743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13644163#comment-13644163

Steven J. Hathaway commented on XALANC-743:


The current version of Xalan-C (XSLT) is 1.11 and uses Xerces-C (XML 
Parser) versions 3.0 or newer.
The distribution Xalan-C 1.11 is built using Xerces-C version 3.1.1.

The older Xalan-C (XSLT) version 1.10 was built using Xerces-C version 2.7.
The latest Xerces-C in the (2) series is version 2.8.

Steven J. Hathaway

> XalanOutputStream::transcode falls into infinite loop on 4 bytes unicode till out of
> -------------------------------------------------------------------------------------------
>                 Key: XALANC-743
>                 URL: https://issues.apache.org/jira/browse/XALANC-743
>             Project: XalanC
>          Issue Type: Bug
>          Components: XalanC
>    Affects Versions: 1.10
>         Environment: Linux
>            Reporter: Jiangbei Fan
>            Assignee: Steven J. Hathaway
> In some rare cases, XalanTransformer::transform would stuck or crash when the input/stylesheet
contains 4-byte unicode. And I traced down the root cause in XalanOutputStream::transcode
> When the transcode buffer contains unicode of size 4 bytes, and the last XalanDOMChar
in the buffer is the first 2 bytes of a 4-byte unicode char. The XalanOutputStream::transcode
will fall into an infinite loop till it is out of memory. As XMLUTF8Transcoder.cpp in xerces
will not consume the last 2-bytes if it is part of 4 byte unicode. And transcode always loop
until all chars in the buffer is eaten. Specifically this will happen when the last XalanDOMChar
 in the input buffer is between 0xD800 and 0xDBFF.
> I cannot find whether this issue has been reported before. This is version 1.10.  I do
have a fix to add a bool reference to the function, so that the caller can push the last 2
byte back to the buffer if not consumed. But want to check it out before submit any fixes.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@xalan.apache.org
For additional commands, e-mail: dev-help@xalan.apache.org

View raw message