Posted to dev@jackrabbit.apache.org by "Ingomar Otter (Updated) (JIRA)" <ji...@apache.org> on 2012/02/14 18:32:00 UTC

[jira] [Updated] (JCR-3235) ArrayIndexOfOufBounds in TargetImportHandler$BufferedStringValue.append()

     [ https://issues.apache.org/jira/browse/JCR-3235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ingomar Otter updated JCR-3235:
-------------------------------

    Description: 
I've encountered an ArrayIndexOutOfBounds in 2.2.10 when using Session.importXML of larger documents.
It appears that buffer size calculation is wrong. That error should exist also in trunk and 2.4.0 as well.

The problem seems to occur in TargetImportHandler$BufferedStringValue.append() 
when the string to append exceeds the existing buffer by more than BUFFER_INCREMENT characters as the buffer is only incremented by BUFFER_INCREMENT chars no matter how big the string to append really is.

Afaik, the length of the destination buffer needs to be at least bufferPos (existing content) + length (as passed in).

In my example I saw 15854 (bufferPos) and 16384 (length param to append()) requiring at least 15854 + 16384 = 32238 bytes.
In that case the existing buffer was 16384 and the new buffer is 16384+BUFFER_INCREMENT=16384+8192 = 24576.
32238 > 24576 => ArrayIndexOutOfBounds exception.

Fix: I think the resizing of the buffer should observe the length.
Today: new size = old size + BUFFER_INCREMENT
New: new size =  bufferPos + length  
and if one would like to avoid future copies on small appends even  
new size = bufferPos + length + BUFFER_INCREMENT

So instead of
char[] newBuffer = new char[buffer.length + BUFFER_INCREMENT];
I changed it to
char[] newBuffer = new char[bufferPos + length + BUFFER_INCREMENT];

This is line 326 of  
jackrabbit-jcr2spi: org/apache/jackrabbit/jcr2spi/xml/TargetImportHandler.java


For completeness this is the stack trace:
java.lang.ArrayIndexOutOfBoundsException: null
at java.lang.System.arraycopy(Native Method) ~[na:1.7.0_04-ea]
at org.apache.jackrabbit.jcr2spi.xml.TargetImportHandler$BufferedStringValue.append(TargetImportHandler.java:330) ~[jackrabbit-jcr2spi-2.2.10.jar:na]
at org.apache.jackrabbit.jcr2spi.xml.SysViewImportHandler.characters(SysViewImportHandler.java:204) ~[jackrabbit-jcr2spi-2.2.10.jar:na]
at org.apache.jackrabbit.jcr2spi.xml.ImportHandler.characters(ImportHandler.java:262) ~[jackrabbit-jcr2spi-2.2.10.jar:na]
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.characters(AbstractSAXParser.java:543) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:441) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:835) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1210) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:568) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:302) ~[na:1.7.0_04-ea]
at org.apache.jackrabbit.jcr2spi.SessionImpl.importXML(SessionImpl.java:400) ~[jackrabbit-jcr2spi-2.2.10.jar:na]

--Ingomar

  was:
I've encountered an ArrayIndexOutOfBounds in 2.2.10 when using Session.importXML of larger documents.
It appears that buffer size calculation is wrong. That error should exist also in trunk and 2.4.0.

The problem seems to occur when the string to append exceeds the existing buffer by more than BUFFER_INCREMENT characters as  the buffer is only incremented by BUFFER_INCREMENT chars no matter how big the string to append really is.

Afaik, the length of the destination buffer needs to be at least bufferPos (existing content) + length (as passed in).

In my example I saw 15854 (bufferPos) and 16384 (length param to append()) requiring at least 15854 + 16384 = 32238 bytes.
In that case the existing buffer was 16384 and the new buffer is 16384+BUFFER_INCREMENT=16384+8192 = 24576.
32238 > 24576 => ArrayIndexOutOfBounds exception.

Fix: I think the resizing of the buffer should observe the length.
Today: new size = old size + BUFFER_INCREMENT
New: new size =  bufferPos + length  
and if one would like to avoid future copies on small appends even  
new size = bufferPos + length + BUFFER_INCREMENT

So instead of
char[] newBuffer = new char[buffer.length + BUFFER_INCREMENT];
I changed it to
char[] newBuffer = new char[bufferPos + length + BUFFER_INCREMENT];

This is line 326 of  
jackrabbit-jcr2spi: org/apache/jackrabbit/jcr2spi/xml/TargetImportHandler.java


For completeness this is the stack trace:
java.lang.ArrayIndexOutOfBoundsException: null
at java.lang.System.arraycopy(Native Method) ~[na:1.7.0_04-ea]
at org.apache.jackrabbit.jcr2spi.xml.TargetImportHandler$BufferedStringValue.append(TargetImportHandler.java:330) ~[jackrabbit-jcr2spi-2.2.10.jar:na]
at org.apache.jackrabbit.jcr2spi.xml.SysViewImportHandler.characters(SysViewImportHandler.java:204) ~[jackrabbit-jcr2spi-2.2.10.jar:na]
at org.apache.jackrabbit.jcr2spi.xml.ImportHandler.characters(ImportHandler.java:262) ~[jackrabbit-jcr2spi-2.2.10.jar:na]
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.characters(AbstractSAXParser.java:543) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:441) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:835) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1210) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:568) ~[na:1.7.0_04-ea]
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:302) ~[na:1.7.0_04-ea]
at org.apache.jackrabbit.jcr2spi.SessionImpl.importXML(SessionImpl.java:400) ~[jackrabbit-jcr2spi-2.2.10.jar:na]

--Ingomar

    
> ArrayIndexOfOufBounds in TargetImportHandler$BufferedStringValue.append()
> -------------------------------------------------------------------------
>
>                 Key: JCR-3235
>                 URL: https://issues.apache.org/jira/browse/JCR-3235
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-jcr2spi
>    Affects Versions: 2.2.10, 2.4
>            Reporter: Ingomar Otter
>              Labels: buffer-length

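The sizing error described in the report, reproduced with its numbers as an added example (not Jackrabbit's code and not from the reporter). The `Buf` class, its capacity check and `run` are hypothetical stand-ins; only `BUFFER_INCREMENT`, `bufferPos`, `length` and the two sizing expressions come from the report.

```java
import java.util.Arrays;

public class BufferGrowthDemo {
    static final int BUFFER_INCREMENT = 0x2000; // 8192, value quoted in the report

    // Simplified stand-in for BufferedStringValue (assumption, not the project's class).
    static class Buf {
        char[] buffer = new char[0x4000]; // 16384, the existing buffer size in the report
        int bufferPos;
        final boolean lengthAware;

        Buf(boolean lengthAware) { this.lengthAware = lengthAware; }

        void append(char[] chars, int start, int length) {
            if (bufferPos + length > buffer.length) {
                // Reported behaviour: grow by a constant, whatever `length` is.
                // Reporter's change: size the new buffer from the space required.
                // addExact turns an int overflow into an exception instead of a
                // negative or undersized allocation.
                int newSize = lengthAware
                        ? Math.addExact(Math.addExact(bufferPos, length), BUFFER_INCREMENT)
                        : buffer.length + BUFFER_INCREMENT;
                buffer = Arrays.copyOf(buffer, newSize);
            }
            System.arraycopy(chars, start, buffer, bufferPos, length);
            bufferPos += length;
        }
    }

    // Replays the two appends from the report and describes the outcome.
    static String run(boolean lengthAware) {
        Buf b = new Buf(lengthAware);
        char[] chunk = new char[16384]; // constructed input, contents irrelevant
        try {
            b.append(chunk, 0, 15854); // fits: bufferPos becomes 15854
            b.append(chunk, 0, 16384); // needs 15854 + 16384 chars in total
            return "ok, capacity=" + b.buffer.length + ", used=" + b.bufferPos;
        } catch (IndexOutOfBoundsException e) {
            return e.getClass().getSimpleName() + ", capacity=" + b.buffer.length;
        }
    }

    public static void main(String[] args) {
        System.out.println("constant growth: " + run(false));
        System.out.println("length-aware:    " + run(true));
    }
}
```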