[jira] Updated: (XERCESC-1207) XMLScanner::scanCharData fills XMLBuffer until out of memory

[ji...@apache.org]

The following issue has been updated:

    Updater: Dan Rosen (mailto:danr@efi.com)
       Date: Fri, 14 May 2004 12:28 PM
    Comment:
Added proposed patch for limiting input buffer size. There were a couple things I was undecided on, that I'd like some review for:

- I wasn't sure what would be the most appropriate error code to use in XMLBuffer.cpp, when the buffer could not be resized (I currently use XMLExcepts::Array_BadNewSize).

- I'm not sure what the precedent is for avoiding the ambiguous base class problem (XMemory, specifically) when doing mix-in inheritance. The way I avoided it was to make XMLBufferFullHandler not inherit from XMemory at all, which I assume is fine since it's a pure virtual interface.

- I thought it might be fine to not modify the DOM interfaces to allow custom maximum buffer size, since there is a reasonable default set in the scanner implementation, and since I'd anticipate that DOM users are less memory-constrained typically than SAX users. Also, if it becomes necessary to add this, it will be straightforward to do so later.

Cheers,
dr
    Changes:
             Attachment changed to inputbuffersize
    ---------------------------------------------------------------------
For a full history of the issue, see:

  http://issues.apache.org/jira/browse/XERCESC-1207?page=history

---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/XERCESC-1207

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: XERCESC-1207
    Summary: XMLScanner::scanCharData fills XMLBuffer until out of memory
       Type: Bug

     Status: Unassigned
   Priority: Critical

    Project: Xerces-C++
 Components: 
             Non-Validating Parser
   Versions:
             2.5.0

   Assignee: 
   Reporter: Dan Rosen

    Created: Mon, 10 May 2004 10:51 AM
    Updated: Fri, 14 May 2004 12:28 PM

Description:
When parsing an XML file consisting primarily of very large (hundreds of megabytes) blocks of contiguous character data, XMLScanner::scanCharData() happily attempts to build a single XMLBuffer containing all the data. Eventually the buffer becomes so large that the reallocation within XMLBuffer::insureCapacity() fails, causing std::bad_alloc to be thrown, or a crash in memcpy (depending on compiler). The fundamental problem seems to be that there is no upper bound imposed on buffer length.

In the SAX model, it is acceptable to issue multiple ContentHandler::characters() callbacks for a single contiguous block of data. The only restriction on how this should be implemented is that all characters in any single event must come from the same external entity; no further behavior is specified. So it would be perfectly conformant to the SAX model to set an upper bound on the size of a single characters() event.

(As far as I understand, allowing an upper bound in XMLScanner::scanCharData() would not affect the DOM)

I'd propose that an upper bound for character buffer size be added as an optional parameter (with some reasonable value as a default), either in the constructor of the parser or in useScanner(), and that that parameter be used to inform XMLScanner::scanCharData() when to force a call to sendCharData() to dump the buffer to its client.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-c-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-c-dev-help@xml.apache.org