You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by "Matt Hillsdon (JIRA)" <ji...@apache.org> on 2013/12/13 14:07:06 UTC

[jira] [Created] (IVYDE-354) xml bomb in workspace causes hang in Ivy code during Search or Synchronize operations

Matt Hillsdon created IVYDE-354:
-----------------------------------

             Summary: xml bomb in workspace causes hang in Ivy code during Search or Synchronize operations
                 Key: IVYDE-354
                 URL: https://issues.apache.org/jira/browse/IVYDE-354
             Project: IvyDE
          Issue Type: Bug
          Components: ivy editor, ivysettings editor
    Affects Versions: 2.2.0.final
            Reporter: Matt Hillsdon
         Attachments: content-type.patch

My Eclipse workspace contains a number of XML file test cases for various projects.  These include several with examples of "XML bombs" / Billion laugh attacks.  See http://en.wikipedia.org/wiki/Billion_laughs for an example.

These did not cause an issue for Eclipse until I installed IvyDE.  I now get hangs during workspace searches and SVN synchronize operations when they hit these files.  This is easiest to reproduce by doing a full workspace text search.

IvyDE implements its own subclasses of XMLContentDescriber, which perform a full SAX parse of the XML file.  Looking at other Eclipse plugins in this area, it seems there is support for identifying the root element provided by XMLRootElementContentDescriber2.  Switching to this does not exhibit the same issues (presumably down to their XML parser configuration).  I've attached a sample patch.  My patch doesn't delete the Ivy(File|Settings)ContentDescriber classes, which are no longer used.

This does involve a behaviour change in that it only recognises ivy files by the root XML element.  Are there valid IvyDE uses for ivy-module / ivy-settings files that are embedded in other XML elements?

Example trace:

"Worker-11" prio=10 tid=0x09983c00 nid=0x7c1c runnable [0x5feb8000]
   java.lang.Thread.State: RUNNABLE
        at org.apache.xerces.impl.XMLEntityScanner.scanContent(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanContent(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
        at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
        at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
        at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
        at org.apache.ivyde.internal.eclipse.XMLHelper.parse(XMLHelper.java:76)
        at org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.checkCriteria(IvyFileContentDescriber.java:70)
        at org.apache.ivyde.internal.eclipse.ui.editors.IvyFileContentDescriber.describe(IvyFileContentDescriber.java:53)
        at org.eclipse.core.internal.content.ContentTypeCatalog.describe(ContentTypeCatalog.java:218)
 ... 



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)