Uploaded image for project: 'XMLBeans'
  1. XMLBeans
  2. XMLBEANS-512

SaxHandler should be reset on exception

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Workaround
    • Affects Version/s: Version 2.6
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      In SaxHandler, if an XML entity exceeds the entity byte limit, an exception is thrown. Too bad the counter is not being reset, so when the same SaxHandler parses another, valid XML message, the same exception is thrown again. This only happens when using the default XMLReader Piccolo, since its PiccoloSaxHandler is cached:

          private static SaxLoader getPiccoloSaxLoader()
          {
              SaxLoader piccoloLoader = (SaxLoader) SystemCache.get().getSaxLoader();
              if (piccoloLoader == null)
              {
                  piccoloLoader = PiccoloSaxLoader.newInstance();
                  SystemCache.get().setSaxLoader(piccoloLoader);
              }
              return piccoloLoader;
          }
      

      When using a differend XMLReader, everything is fine since the XMLReader is never cached:

              if (options.hasOption(XmlOptions.LOAD_USE_XMLREADER))
              {
                  XMLReader xr = (XMLReader) options.get(
                      XmlOptions.LOAD_USE_XMLREADER);
      
                  if (xr == null)
                      throw new IllegalArgumentException("XMLReader is null");
      
                  sl = new XmlReaderSaxLoader(xr);
      
                  // I've noticed that most XMLReaders don't like a null EntityResolver...
      
                  if (er != null)
                      xr.setEntityResolver(er);
              }
      

      The following example reproduces the problem:

      package xmlbeansbug;
      
      import java.io.IOException;
      import javax.xml.parsers.ParserConfigurationException;
      import javax.xml.parsers.SAXParserFactory;
      import org.apache.xmlbeans.XmlException;
      import org.apache.xmlbeans.XmlOptions;
      import org.apache.xmlbeans.impl.common.SystemCache;
      import org.apache.xmlbeans.impl.store.Locale;
      import org.xml.sax.SAXException;
      
      
      public class Bug {
      
        private static final String BILLION_LAUGHS = "<?xml version=\"1.0\"?>\n" +
            "<!DOCTYPE lolz [\n" +
            "    <!ENTITY lol \"lol\">\n" +
            "    <!ELEMENT lolz (#PCDATA)>\n" +
            "    <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n" +
            "    <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n" +
            "    <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">\n" +
            "    <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">\n" +
            "    <!ENTITY lol5 \"&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;\">\n" +
            "    <!ENTITY lol6 \"&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;\">\n" +
            "    <!ENTITY lol7 \"&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;\">\n" +
            "    <!ENTITY lol8 \"&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;\">\n" +
            "    <!ENTITY lol9 \"&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;\">\n" +
            "]>\n" +
            "<lolz>&lol9;</lolz>";
      
        private static final String VALID_XML = "<?xml version=\"1.0\"?>\n" +
            "<root>foobar</root>";
      
        public static void main(String[] args) throws IOException, SAXException, XmlException, ParserConfigurationException {
          new Bug().demonstrate();
        }
      
        private void demonstrate() throws IOException, SAXException, XmlException, ParserConfigurationException {
          Locale.parseToXmlObject(null, VALID_XML, null, new XmlOptions());
          System.out.println("1. Valid XML message was parsed successfully");
      
          try {
            Locale.parseToXmlObject(null, BILLION_LAUGHS, null, new XmlOptions());
          } catch (XmlException e) {
            System.err.println("2. Billion Laughs XML could not be parsed: " + e.getMessage());
          }
      
          try {
            Locale.parseToXmlObject(null, VALID_XML, null, new XmlOptions());
          } catch (XmlException e) {
            System.err.println("3. Now, parsing a valid XML message also throws an exception");
          }
      
          XmlOptions xmlOptions = new XmlOptions();
          xmlOptions.setLoadUseXMLReader(SAXParserFactory.newInstance().newSAXParser().getXMLReader());
          Locale.parseToXmlObject(null, VALID_XML, null, xmlOptions);
      
          System.out.println("4. When using a different parser, everything's fine");
      
          SystemCache.get().setSaxLoader(null);
          Locale.parseToXmlObject(null, VALID_XML, null, new XmlOptions());
      
          System.out.println("5. After resetting the cached SaxLoader, Piccolo works again");
        }
      }
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              micheljung Michel Jung
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: