From: "Michael Glavassevich (JIRA)"
To: j-dev@xerces.apache.org
Date: Thu, 27 May 2010 15:35:36 -0400 (EDT)
Subject: [jira] Reopened: (XERCESJ-1398) Supplying document without content-type headers causes entire stream to be buffered in memory, even when using SAX API

     [ https://issues.apache.org/jira/browse/XERCESJ-1398?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Glavassevich reopened XERCESJ-1398:
-------------------------------------------

    Assignee: Michael Glavassevich

> Supplying document without content-type headers causes entire stream to be buffered in memory, even when using SAX API
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: XERCESJ-1398
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1398
>             Project: Xerces2-J
>          Issue Type: Bug
>          Components: SAX
>    Affects Versions: 2.9.1
>         Environment: Debian Linux, Sun JDK 1.5.0_20
>            Reporter: Karl Wright
>            Assignee: Michael Glavassevich
>
> If the parser needs to autodetect the encoding of the input stream, it wraps the input stream using the RewindableInputStream class within XMLEntityManager. But this class buffers everything that is read from the stream, even after the autodetection is complete (and no possibility of rewind being used exists anymore). It is therefore trivial to submit XML to xerces2-j which causes an "OutOfMemoryError" exception to be thrown, which could lead to a denial of service under appropriate conditions.
> The fix I created for this involved adding a method "stopBuffering()" to the RewindableInputStream class, which shuts off further buffering by that class. I call this method when the encoding has been decided upon (i.e. right before createReader is called, everywhere).
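
The buffering behaviour and the stopBuffering() fix described in the report, as an added Java sketch (not Xerces source and not the reporter's patch). The class name RewindableStreamSketch and the helpers retainedBytes() and drain() are hypothetical, and the 1 MiB input is constructed filler.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

// Simplified stand-in for the stream wrapper described in the report; NOT Xerces source.
public class RewindableStreamSketch extends InputStream {
    private final InputStream in;
    private byte[] buf = new byte[64];
    private int length;               // bytes currently retained for rewind
    private int offset;               // replay position inside buf
    private boolean buffering = true;
    RewindableStreamSketch(InputStream in) { this.in = in; }

    @Override
    public int read() throws IOException {
        if (offset < length) return buf[offset++] & 0xff;    // replay after rewind
        if (!buffering) {                                     // pass-through mode
            if (length != 0) { buf = new byte[0]; length = 0; offset = 0; }  // release sniffed bytes
            return in.read();
        }
        int b = in.read();
        if (b == -1) return -1;
        if (length == buf.length) buf = Arrays.copyOf(buf, length * 2);
        buf[length++] = (byte) b;     // grows without bound while buffering is on
        offset++;
        return b;
    }

    void rewind() { offset = 0; }                 // only meaningful before stopBuffering()
    void stopBuffering() { buffering = false; }   // the method the report proposes
    int retainedBytes() { return length; }        // hypothetical helper for the demo

    // Sniff 4 bytes, rewind, then drain the rest the way a parser would.
    static int drain(boolean stopAfterDetection) throws IOException {
        byte[] doc = new byte[1 << 20];           // constructed 1 MiB input
        RewindableStreamSketch s = new RewindableStreamSketch(new ByteArrayInputStream(doc));
        for (int i = 0; i < 4; i++) s.read();     // encoding autodetection
        s.rewind();
        if (stopAfterDetection) s.stopBuffering();
        while (s.read() != -1) { /* parser consumes the stream */ }
        return s.retainedBytes();
    }

    public static void main(String[] args) throws IOException {
        System.out.println("always buffering: " + drain(false) + " bytes retained");
        System.out.println("stopBuffering():  " + drain(true) + " bytes retained");
    }
}
```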