You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Henrik Rueping (Jira)" <ji...@apache.org> on 2021/08/13 12:46:00 UTC

[jira] [Created] (MNG-7213) StackOverflowError when version ranges are unsolvable and graph contains a cycle

Henrik Rueping created MNG-7213:
-----------------------------------

             Summary: StackOverflowError when version ranges are unsolvable and graph contains a cycle
                 Key: MNG-7213
                 URL: https://issues.apache.org/jira/browse/MNG-7213
             Project: Maven
          Issue Type: Bug
    Affects Versions: 3.8.1, 3.6.3
            Reporter: Henrik Rueping


I encountered a very similar situation as described in MNG-6737. 



It happens when I want to find the transitive dependencies of the Artifact

org.webjars.npm:babel-core:6.0.16

I tried the Maven-goal dependency:tree on a Maven-Project with only this Artifact in the pom. 

With Maven 3.6.3 I got a StackOverflowError (with a similar Stacktrace as below. The accept get repeated).

With Maven 3.8.1 it took considerably longer and ended in an OutOfMemoryError (same Stacktrace).

The same behaviour happens of course if I want to view the transitive dependencies of my 
project in Eclipse.

I also tried to calculate the transitive dependencies in java itself, and I found that the Threads are stuck in a stacktrace of the form:

 
{code:java}
Thread [main] (Suspended) Stack<E>.get(int) line: 75
 AbstractList$Itr.next() line: 358
 Stack<E>(AbstractCollection<E>).contains(Object) line: 106 PathRecordingDependencyVisitor.visitEnter(DependencyNode) line: 99 DefaultDependencyNode.accept(DependencyVisitor) line: 343 DefaultDependencyNode.accept(DependencyVisitor) line: 347
 
(... omitted many Repititions...)

DefaultDependencyNode.accept(DependencyVisitor) line: 347 NearestVersionSelector.newFailure(ConflictResolver$ConflictContext) line: 158 NearestVersionSelector.backtrack(NearestVersionSelector$ConflictGroup, ConflictResolver$ConflictContext) line: 120 NearestVersionSelector.selectVersion(ConflictResolver$ConflictContext) line: 93 ConflictResolver.transformGraph(DependencyNode, DependencyGraphTransformationContext) line: 180 
ChainedDependencyGraphTransformer.transformGraph(DependencyNode, DependencyGraphTransformationContext) line: 80
DefaultDependencyCollector.collectDependencies(RepositorySystemSession, CollectRequest) line: 273 DefaultRepositorySystem.collectDependencies(RepositorySystemSession, CollectRequest) line: 284
     
(..ommitted own code...)
{code}
I used:
org.apache.maven:maven-resolver-provider:3.8.1
org.apache.maven.resolver:maven-resolver-util:1.6.2

I used ArtifactDescriptorPolicy.STRICT (maybe this setting makes a difference).

So maybe it is not even a Bug, and it just happens that org.webjars.npm:babel-core:6.0.16 behaves a bit like a Zip-Bomb for Maven and there is nothing one can do here.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)