You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Tamas Cservenak (Jira)" <ji...@apache.org> on 2023/02/15 13:24:00 UTC
[jira] [Commented] (MNG-7213) StackOverflowError when version ranges are unsolvable and graph contains a cycle
[ https://issues.apache.org/jira/browse/MNG-7213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17689119#comment-17689119 ]
Tamas Cservenak commented on MNG-7213:
--------------------------------------
With MRESOLVER-316 issue fixed in resolver (and using same demo code as mentioned above) this is now the output of resolver:
[https://gist.github.com/cstamas/913c14086e2911abbbb627653b542e85]
> StackOverflowError when version ranges are unsolvable and graph contains a cycle
> --------------------------------------------------------------------------------
>
> Key: MNG-7213
> URL: https://issues.apache.org/jira/browse/MNG-7213
> Project: Maven
> Issue Type: Bug
> Affects Versions: 3.6.3, 3.8.1
> Reporter: Henrik Rueping
> Priority: Major
> Fix For: waiting-for-feedback
>
> Attachments: babelcoreresolver.zip, babelcoreresolver15.zip
>
>
> I encountered a very similar situation as described in MNG-6737.
> It happens when I want to find the transitive dependencies of the Artifact
> org.webjars.npm:babel-core:6.0.16
> I tried the Maven-goal dependency:tree on a Maven-Project with only this Artifact in the pom.
> With Maven 3.6.3 I got a StackOverflowError (with a similar Stacktrace as below. The accept get repeated).
> With Maven 3.8.1 it took considerably longer and ended in an OutOfMemoryError (same Stacktrace).
> The same behaviour happens of course if I want to view the transitive dependencies of my
> project in Eclipse.
> I also tried to calculate the transitive dependencies in java itself, and I found that the Threads are stuck in a stacktrace of the form:
>
> {code:java}
> Thread [main] (Suspended) Stack<E>.get(int) line: 75
> AbstractList$Itr.next() line: 358
> Stack<E>(AbstractCollection<E>).contains(Object) line: 106 PathRecordingDependencyVisitor.visitEnter(DependencyNode) line: 99 DefaultDependencyNode.accept(DependencyVisitor) line: 343 DefaultDependencyNode.accept(DependencyVisitor) line: 347
>
> (... omitted many Repititions...)
> DefaultDependencyNode.accept(DependencyVisitor) line: 347 NearestVersionSelector.newFailure(ConflictResolver$ConflictContext) line: 158 NearestVersionSelector.backtrack(NearestVersionSelector$ConflictGroup, ConflictResolver$ConflictContext) line: 120 NearestVersionSelector.selectVersion(ConflictResolver$ConflictContext) line: 93 ConflictResolver.transformGraph(DependencyNode, DependencyGraphTransformationContext) line: 180
> ChainedDependencyGraphTransformer.transformGraph(DependencyNode, DependencyGraphTransformationContext) line: 80
> DefaultDependencyCollector.collectDependencies(RepositorySystemSession, CollectRequest) line: 273 DefaultRepositorySystem.collectDependencies(RepositorySystemSession, CollectRequest) line: 284
>
> (..ommitted own code...)
> {code}
> I used:
> org.apache.maven:maven-resolver-provider:3.8.1
> org.apache.maven.resolver:maven-resolver-util:1.6.2
> I used ArtifactDescriptorPolicy.STRICT (maybe this setting makes a difference).
> So maybe it is not even a Bug, and it just happens that org.webjars.npm:babel-core:6.0.16 behaves a bit like a Zip-Bomb for Maven and there is nothing one can do here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)