You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "Spencer Stecko (Jira)" <xe...@xml.apache.org> on 2021/12/15 16:33:00 UTC

[jira] [Commented] (XERCESC-2234) Xerces does not correctly interpret negative jaxp processing limits as "NO LIMIT"

    [ https://issues.apache.org/jira/browse/XERCESC-2234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460073#comment-17460073 ] 

Spencer Stecko commented on XERCESC-2234:
-----------------------------------------

Thanks. Opened https://issues.apache.org/jira/browse/XERCESJ-1734 

> Xerces does not correctly interpret negative jaxp processing limits as "NO LIMIT" 
> ----------------------------------------------------------------------------------
>
>                 Key: XERCESC-2234
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2234
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: Validating Parser (XML Schema)
>    Affects Versions: 3.2.3
>            Reporter: Spencer Stecko
>            Priority: Minor
>
> According to the oracle documentation, many of the limits to jaxp processing settings can be set to zero or a number less than zero to indicate no limit: [https://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html]
>  
> However, when I do this (with jdk.xml.maxOccurLimit), I get the following stack trace:
>  
> {code:java}
> Caused by: org.xml.sax.SAXParseException: Current configuration of the parser doesn't allow the expansion of a content model for a complex type to contain more than -1 nodes.
>     at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204)
>     at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
>     at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.reportSchemaErr(XSDHandler.java:4253)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.reportSchemaFatalError(XSDHandler.java:4232)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSAttributeChecker.reportSchemaFatalError(XSAttributeChecker.java:1569)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSAttributeChecker.checkAttributes(XSAttributeChecker.java:1201)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSAttributeChecker.checkAttributes(XSAttributeChecker.java:960)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDAbstractParticleTraverser.traverseSeqChoice(XSDAbstractParticleTraverser.java:204)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDAbstractParticleTraverser.traverseSequence(XSDAbstractParticleTraverser.java:160)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDComplexTypeTraverser.processComplexContent(XSDComplexTypeTraverser.java:1043)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDComplexTypeTraverser.traverseComplexTypeDecl(XSDComplexTypeTraverser.java:335)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDComplexTypeTraverser.traverseGlobal(XSDComplexTypeTraverser.java:191)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.traverseSchemas(XSDHandler.java:1479)
>     at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.parseSchema(XSDHandler.java:662)
>     at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadSchema(XMLSchemaLoader.java:617)
>     at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:576)
>     at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:542)
>     at com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory.newSchema(XMLSchemaFactory.java:276)
>     at javax.xml.validation.SchemaFactory.newSchema(SchemaFactory.java:669) {code}
>  
> I have no idea what this repo I found is, but it appears to include some sort of mirror of the apache xerces codebase, and the bug is clearly visible here: [https://github.com/elastic/openjdkMirror/blob/f437b1097e6a395e91382cdfc7ec94355b554c51/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java#L378] 
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org