You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "David K. Taylor (Updated) (JIRA)" <xe...@xml.apache.org> on 2012/02/27 22:41:48 UTC
[jira] [Updated] (XERCESC-1977) XMLUTF8Transcoder split surrogates
causes Xalan to run out of memory
[ https://issues.apache.org/jira/browse/XERCESC-1977?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David K. Taylor updated XERCESC-1977:
-------------------------------------
Attachment: xercesc-1977.patch
This patch fixes bug XERCESC-1977
> XMLUTF8Transcoder split surrogates causes Xalan to run out of memory
> --------------------------------------------------------------------
>
> Key: XERCESC-1977
> URL: https://issues.apache.org/jira/browse/XERCESC-1977
> Project: Xerces-C++
> Issue Type: Bug
> Components: Utilities
> Affects Versions: 2.7.0
> Environment: Debian Linux 2.4.27
> Reporter: David K. Taylor
> Fix For: 2.7.0
>
> Attachments: xercesc-1977.patch
>
>
> When a surrogate pair is split at an input buffer boundary so only the high surrogate is the last code point in the buffer when transcode() is called, then XMLUTF8Transcoder succeeds but does not consume the entire buffer. This causes Xalan to loop infinitely, doubling the buffer each time, leading to an out of memory failure. The full backtrace is below.
> I will attach a patch that changes XMLUTF8Transcoder so that it saves the dangling high surrogate in this case and uses it when transcode() is called again.
> (gdb) Primary backtrace
> (gdb) =================
> (gdb) #0 0xf6da37c7 in raise () from /lib/tls/libc.so.6
> #1 0xf6da4f49 in abort () from /lib/tls/libc.so.6
> #2 0xf6f99994 in __gnu_cxx::__verbose_terminate_handler() () from
> /usr/lib/libstdc++.so.6
> #3 0xf6f973b5 in ?? () from /usr/lib/libstdc++.so.6
> #4 0xf6f973f2 in std::terminate() () from /usr/lib/libstdc++.so.6
> #5 0xf6f9752a in __cxa_throw () from /usr/lib/libstdc++.so.6
> #6 0xf76eee1d in xercesc_2_7::MemoryManagerImpl::allocate(unsigned int) ()
> from /usr/lib/libxerces-c.so.27
> #7 0xf724cd1a in xalanc_1_10::XalanOutputStream::transcode(unsigned short
> const*, unsigned int, xalanc_1_10::XalanVector<char,
> xalanc_1_10::MemoryManagedConstructionTraits<char> >&) () from
> /usr/lib/libxalan-c.so.110
> #8 0xf724d1af in xalanc_1_10::XalanOutputStream::doWrite(unsigned short
> const*, unsigned int) () from /usr/lib/libxalan-c.so.110
> #9 0xf724d213 in xalanc_1_10::XalanOutputStream::flushBuffer() () from
> /usr/lib/libxalan-c.so.110
> #10 0xf724eec8 in xalanc_1_10::XalanOutputStreamPrintWriter::write(unsigned
> short) () from /usr/lib/libxalan-c.so.110
> #11 0xf7268e6a in xalanc_1_10::FormatterToText::characters(unsigned short
> const*, unsigned int) () from /usr/lib/libxalan-c.so.110
> #12 0xf7418674 in xalanc_1_10::XSLTEngineImpl::characters(unsigned short
> const*, unsigned int, unsigned int) () from /usr/lib/libxalan-c.so.110
> #13 0xf73d0ce8 in
> xalanc_1_10::StylesheetExecutionContextDefault::characters(unsigned short
> const*, unsigned int, unsigned int) () from /usr/lib/libxalan-c.so.110
> #14 0xf737c5bb in xalanc_1_10::FormatterListenerAdapater::characters(unsigned
> short const*, unsigned int) () from /usr/lib/libxalan-c.so.110
> #15 0xf725484d in
> xalanc_1_10::DOMServices::getNodeData(xalanc_1_10::XalanElement const&,
> xalanc_1_10::FormatterListener&, void
> (xalanc_1_10::FormatterListener::*)(unsigned short const*, unsigned int)) ()
> from /usr/lib/libxalan-c.so.110
> #16 0xf7254b63 in xalanc_1_10::DOMServices::getNodeData(xalanc_1_10::XalanNode
> const&, xalanc_1_10::FormatterListener&, void
> (xalanc_1_10::FormatterListener::*)(unsigned short const*, unsigned int)) ()
> from /usr/lib/libxalan-c.so.110
> #17 0xf72a3947 in
> xalanc_1_10::XNodeSetBase::str(xalanc_1_10::FormatterListener&, void
> (xalanc_1_10::FormatterListener::*)(unsigned short const*, unsigned int)) const
> () from /usr/lib/libxalan-c.so.110
> #18 0xf72be80e in xalanc_1_10::XPath::executeMore(xalanc_1_10::XalanNode*, int
> const*, xalanc_1_10::XPathExecutionContext&, xalanc_1_10::FormatterListener&,
> void (xalanc_1_10::FormatterListener::*)(unsigned short const*, unsigned int))
> const () from /usr/lib/libxalan-c.so.110
> #19 0xf737c377 in
> xalanc_1_10::ElemValueOf::startElement(xalanc_1_10::StylesheetExecutionContext&)
> const () from /usr/lib/libxalan-c.so.110
> #20 0xf73786ac in
> xalanc_1_10::ElemTemplateElement::execute(xalanc_1_10::StylesheetExecutionContext&)
> const () from /usr/lib/libxalan-c.so.110
> #21 0xf73f9f92 in xalanc_1_10::StylesheetRoot::process(xalanc_1_10::XalanNode*,
> xalanc_1_10::XSLTResultTarget&, xalanc_1_10::StylesheetExecutionContext&) const
> () from /usr/lib/libxalan-c.so.110
> #22 0xf740f234 in
> xalanc_1_10::XSLTEngineImpl::process(xalanc_1_10::XSLTInputSource const&,
> xalanc_1_10::XSLTResultTarget&, xalanc_1_10::StylesheetExecutionContext&) ()
> from /usr/lib/libxalan-c.so.110
> #23 0xf744401f in
> xalanc_1_10::XalanTransformer::doTransform(xalanc_1_10::XalanParsedSource
> const&, xalanc_1_10::XalanCompiledStylesheet const*,
> xalanc_1_10::XSLTInputSource const*, xalanc_1_10::XSLTResultTarget const&) ()
> from /usr/lib/libxalan-c.so.110
> #24 0xf744674b in
> xalanc_1_10::XalanTransformer::transform(xalanc_1_10::XSLTInputSource const&,
> xalanc_1_10::XalanCompiledStylesheet const*, xalanc_1_10::XSLTResultTarget
> const&) () from /usr/lib/libxalan-c.so.110
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org