Add fix for overflow error in MXParser buffer sizing #72
Conversation
mealingr
force-pushed
the
mxparser_overflow
branch
from
951cfba to
83a704f
Compare
mealingr
force-pushed
the
mxparser_overflow
branch
from
83a704f to
341a72f
Compare
| @@ -3656,7 +3656,8 @@ else if ( expand ) | |||
| buf = newBuf; | |||
| if ( bufLoadFactor > 0 ) | |||
| { | |||
| bufSoftLimit = ( bufLoadFactor * buf.length ) / 100; | |||
| // Include fix for https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228 | |||
| bufSoftLimit = (int) ((((long) bufLoadFactor) * buf.length) / 100); | |||
There was a problem hiding this comment.
if bufLoadFactor remains constant, then you can simplify: bufSoftLimit = 2*bufSoftLimit;
There was a problem hiding this comment.
if
bufLoadFactorremains constant, then you can simplify:bufSoftLimit = 2*bufSoftLimit;
I see what you mean because the only thing changing at the moment is the buf.len which is being doubled, so this calculation should essentially result in 2 times the current bufSoftLimit, but as we're not guaranteed that bufSoftLimit will remain constant (it's not declared as such) then erring on the side of accuracy over simplification seems to make sense here.
There was a problem hiding this comment.
It could be modified but it is very unlikely: the field is protected, with no setter and no constructor setting the value, which means only is modifiable by subclassing MXParser. This design is very leaky. Even it represents a percentage of the total storage so (bufLoadFactor/100) could be pre-computed. We could define a new field protected float bufferLoadFactor = 0.95f; and deprecate the 'bufLoadFactor' field.
There was a problem hiding this comment.
It could be modified but it is very unlikely: the field is protected, with no setter and no constructor setting the value, which means only is modifiable by subclassing
MXParser. This design is very leaky. Even it represents a percentage of the total storage so(bufLoadFactor/100)could be pre-computed. We could define a new fieldprotected float bufferLoadFactor = 0.95f;and deprecate the 'bufLoadFactor' field.
Agree with your suggestion it helps simplify it 6c55f73
mealingr
force-pushed
the
mxparser_overflow
branch
from
ea2f958 to
6c55f73
Compare
| @@ -391,6 +391,23 @@ public void testSubsequentProcessingInstructionMoreThan8k() | |||
| assertEquals( XmlPullParser.END_TAG, parser.nextToken() ); | |||
| } | |||
|
|
|||
| @Test | |||
| public void testFillBuf_NoOverflow() | |||
There was a problem hiding this comment.
Could you write the test in terms of the public API? Accessing directly the fields and calling directy fillBuf() is not the normal use the parser. I'm thinking generating a big enough XML file, parsing it, showing that fails without the patch and pass the test with the patch in place.
There was a problem hiding this comment.
Could you write the test in terms of the public API? Accessing directly the fields and calling directy fillBuf() is not the normal use the parser. I'm thinking generating a big enough XML file, parsing it, showing that fails without the patch and pass the test with the patch in place.
Sure a3f9276 (without the patch that test fails with java.io.IOException: error reading input, returned 0)
|
merged, thank you |
This is to include this fix (original URL is down so referencing using a wayback machine link, also copied below) which helps prevent
bufSoftLimitbeing updated to an integer overflowed value.https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228