Posted to j-dev@xerces.apache.org by bu...@apache.org on 2001/11/25 04:55:40 UTC

DO NOT REPLY [Bug 5062] New: - Buffer overwrite problem in XMLDTDScannerImpl.java

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5062

           Summary: Buffer overwrite problem in XMLDTDScannerImpl.java
           Product: Xerces2-J
           Version: 2.0.0 [beta 2]
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Other
         Component: DTD
        AssignedTo: xerces-j-dev@xml.apache.org
        ReportedBy: gmottram@usa.net


On line 1403 in org/apache/xerces/impl/XMLDTDScannerImpl.java, scanEntityDecl()
calls skipSeparator(), which calls fEntityScanner.skipSpaces() to skip the white
space at the end of an entity declaration.  The problem is, the current entity
has not been processed yet and if skipSpaces() runs out of data in the current
buffer, the buffer will be overwritten with a new block of data.  In this case,
fLiteral and fLiteral2, which point to the old contents of the buffer, get
hosed.  When the entity is finally processed, its values are no longer valid.

For an example of this, use the DTDs available at the following web address:

	http://lcweb.loc.gov/ead/eadv1ann.html#whattodo

The entities in this DTD have lots of white space. Create a document like the
following and parse it in non-validating mode:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ead SYSTEM "ead.dtd">
<ead/>

I was using the sax/DocumentTracer.java program with the "-V -S" options. In the
second call to internalEntityDecl, the entity name will be %noxlink and its
value will be seven blanks instead of "INCLUDE".

I would have attempted to fix the problem but it looks like this error might run
throughout the DTD code and needs a good look by one of its authors.

Thank you for your assistance in this matter.

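The failure mode reported above, reduced to a stand-alone sketch. This is an added example, not Xerces code and not from the reporter: the Span and Scanner classes, declValue(), the 16-character buffer and the input string are all hypothetical and constructed for illustration. It shows a literal held as an offset/length view into a shared buffer going stale when skipSpaces() reloads that buffer, next to the value obtained by copying the literal out before skipping.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

// Hypothetical miniature scanner (illustration only, not the Xerces classes).
public class StaleSpanDemo {
    // A view into the scanner's buffer: valid only until the next load().
    static final class Span {
        char[] ch; int offset, length;
        @Override public String toString() { return new String(ch, offset, length); }
    }

    static final class Scanner {
        final char[] buf; final Reader in; int pos, count;
        Scanner(Reader in, int size) { this.in = in; this.buf = new char[size]; }

        // Refill from index 0, overwriting whatever the buffer held before.
        boolean load() throws IOException {
            count = Math.max(in.read(buf, 0, buf.length), 0);
            pos = 0;
            return count > 0;
        }
        // Assumes pos is on the opening quote and the literal fits in the buffer.
        Span scanLiteral() {
            int start = ++pos;                 // step past the opening quote
            while (buf[pos] != '"') pos++;
            Span s = new Span();
            s.ch = buf; s.offset = start; s.length = pos - start;
            pos++;                             // step past the closing quote
            return s;
        }
        // Skips spaces; reloads the buffer when it runs out of data.
        void skipSpaces() throws IOException {
            while (pos < count || load()) {
                if (buf[pos] != ' ') return;
                pos++;
            }
        }
    }

    static String declValue(boolean copyFirst) throws IOException {
        // Constructed input: a literal followed by a long run of white space.
        String decl = "\"INCLUDE\"" + " ".repeat(20) + ">";
        Scanner sc = new Scanner(new StringReader(decl), 16);
        sc.load();
        Span literal = sc.scanLiteral();
        String saved = copyFirst ? literal.toString() : null; // copy while the view is valid
        sc.skipSpaces();                                      // reloads and overwrites buf
        return copyFirst ? saved : literal.toString();        // the view now reads reloaded data
    }

    public static void main(String[] args) throws IOException {
        System.out.println("view read after skip: [" + declValue(false) + "]");
        System.out.println("copied before skip:   [" + declValue(true) + "]");
    }
}
```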