You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by "Matt Hillsdon (JIRA)" <ji...@apache.org> on 2013/12/13 14:07:06 UTC
[jira] [Created] (IVYDE-354) xml bomb in workspace causes hang in
Ivy code during Search or Synchronize operations
Matt Hillsdon created IVYDE-354:
-----------------------------------
Summary: xml bomb in workspace causes hang in Ivy code during Search or Synchronize operations
Key: IVYDE-354
URL: https://issues.apache.org/jira/browse/IVYDE-354
Project: IvyDE
Issue Type: Bug
Components: ivy editor, ivysettings editor
Affects Versions: 2.2.0.final
Reporter: Matt Hillsdon
Attachments: content-type.patch
My Eclipse workspace contains a number of XML file test cases for various projects. These include several with examples of "XML bombs" / Billion laugh attacks. See http://en.wikipedia.org/wiki/Billion_laughs for an example.
These did not cause an issue for Eclipse until I installed IvyDE. I now get hangs during workspace searches and SVN synchronize operations when they hit these files. This is easiest to reproduce by doing a full workspace text search.
IvyDE implements its own subclasses of XMLContentDescriber, which perform a full SAX parse of the XML file. Looking at other Eclipse plugins in this area, it seems there is support for identifying the root element provided by XMLRootElementContentDescriber2. Switching to this does not exhibit the same issues (presumably down to their XML parser configuration). I've attached a sample patch. My patch doesn't delete the Ivy(File|Settings)ContentDescriber classes, which are no longer used.
This does involve a behaviour change in that it only recognises ivy files by the root XML element. Are there valid IvyDE uses for ivy-module / ivy-settings files that are embedded in other XML elements?
Example trace:
"Worker-11" prio=10 tid=0x09983c00 nid=0x7c1c runnable [0x5feb8000]
java.lang.Thread.State: RUNNABLE
at org.apache.xerces.impl.XMLEntityScanner.scanContent(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanContent(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
at org.apache.ivyde.internal.eclipse.XMLHelper.parse(XMLHelper.java:76)
at org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.checkCriteria(IvyFileContentDescriber.java:70)
at org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.describe(IvyFileContentDescriber.java:53)
at org.eclipse.core.internal.content.ContentTypeCatalog.describe(ContentTypeCatalog.java:218)
...
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)