xerces-j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Glavassevich (JIRA)" <xerces-j-...@xml.apache.org>
Subject [jira] Resolved: (XERCESJ-1398) Supplying document without content-type headers causes entire stream to be buffered in memory, even when using SAX API
Date Thu, 27 May 2010 19:41:36 GMT

     [ https://issues.apache.org/jira/browse/XERCESJ-1398?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Michael Glavassevich resolved XERCESJ-1398.
-------------------------------------------

    Fix Version/s: 2.10.0
       Resolution: Fixed

I had a change of heart on this one. There are some cases (involving byte sequences span buffers)
where Xerces' built-in readers will hit this issue, causing a slow growing memory leak which
is unlikely to be noticed unless you're dealing with gigabyte / terabyte sized documents.
It is a leak nonetheless and I've fixed it in SVN rev 944964.

> Supplying document without content-type headers causes entire stream to be buffered in
memory, even when using SAX API
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: XERCESJ-1398
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1398
>             Project: Xerces2-J
>          Issue Type: Bug
>          Components: SAX
>    Affects Versions: 2.9.1
>         Environment: Debian Linux, Sun JDK 1.5.0_20
>            Reporter: Karl Wright
>            Assignee: Michael Glavassevich
>             Fix For: 2.10.0
>
>
> If the parser needs to autodetect the encoding of the input stream, it wraps the input
stream using the RewindableInputStream class within XMLEntityManager.  But this class buffers
everything that is read from the stream, even after the autodetection is complete (and no
possibility of rewind being used exists anymore).  It is therefore trivial to submit XML to
xerces2-j which causes an "OutOfMemoryError" exception to be thrown, which could lead to a
denial of service under appropriate conditions.
> The fix I created for this involved adding a method "stopBuffering()" to the RewindableInputStream
class, which shuts off further buffering by that class.  I call this method when the encoding
has been decided upon (i.e. right before createReader is called, everywhere).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org


Mime
View raw message