From 6d25170c25025ce1bf6b140deb594b4da7abd49b Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Thu, 11 Feb 2021 14:58:54 -0800 Subject: [PATCH] Fix #122 --- README.md | 2 +- release-notes/VERSION | 5 +++++ .../com/ctc/wstx/sr/AttributeCollector.java | 4 ++-- .../com/ctc/wstx/sr/BasicStreamReader.java | 16 +++++++++++----- .../wstxtest/stream/TestAttributeLimits.java | 18 +++++++++++++++++- 5 files changed, 36 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 1e93764c..394d262b 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Coordinates for this are: * Group id: `com.fasterxml.woodstox` * Artifact id: `woodstox-core` -* Latest published version: 6.0.3 (2019-12-07) +* Latest published version: 6.2.4 (2021-02-11) Note that Maven id has changed since Woodstox 4.x. diff --git a/release-notes/VERSION b/release-notes/VERSION index c29c215d..22e32e58 100644 --- a/release-notes/VERSION +++ b/release-notes/VERSION @@ -4,6 +4,11 @@ Project: woodstox === Releases === ------------------------------------------------------------------------ +6.2.4 (11-Feb-2021) + +#122: Expected either attr limit (2147483647) >= currAttrSize (0) OR >= outBuf.length (96) + (reported by j3rem1e@github) + 6.2.3 (16-Oct-2020) #117: Problem with `Stax2ByteArraySource`, encodings other than UTF-8 diff --git a/src/main/java/com/ctc/wstx/sr/AttributeCollector.java b/src/main/java/com/ctc/wstx/sr/AttributeCollector.java index 0c221893..7c7a858c 100644 --- a/src/main/java/com/ctc/wstx/sr/AttributeCollector.java +++ b/src/main/java/com/ctc/wstx/sr/AttributeCollector.java @@ -192,7 +192,7 @@ public final class AttributeCollector protected int mAttrSpillEnd; protected int mMaxAttributesPerElement; - protected int mMaxAttributeSize; +// protected int mMaxAttributeSize; /* /////////////////////////////////////////////// @@ -211,7 +211,7 @@ protected AttributeCollector(ReaderConfig cfg, boolean nsAware) mXmlIdLocalName = "xml:id"; } mMaxAttributesPerElement = cfg.getMaxAttributesPerElement(); - mMaxAttributeSize = cfg.getMaxAttributeSize(); +// mMaxAttributeSize = cfg.getMaxAttributeSize(); } /** diff --git a/src/main/java/com/ctc/wstx/sr/BasicStreamReader.java b/src/main/java/com/ctc/wstx/sr/BasicStreamReader.java index 726a0699..381dec58 100644 --- a/src/main/java/com/ctc/wstx/sr/BasicStreamReader.java +++ b/src/main/java/com/ctc/wstx/sr/BasicStreamReader.java @@ -1968,7 +1968,7 @@ private final void parseAttrValue(char openingQuote, TextBuilder tb) // important! Underlying buffer may be shared, does not necessarily start from 0 final int startingOffset = outPtr; final int maxAttrSize = mConfig.getMaxAttributeSize(); - int outLimit = Math.min(startingOffset+maxAttrSize, outBuf.length); + int outLimit = _outputLimit(outBuf, startingOffset, maxAttrSize); final WstxInputSource currScope = mInput; while (true) { @@ -2023,7 +2023,7 @@ private final void parseAttrValue(char openingQuote, TextBuilder tb) ch -= 0x10000; if (outPtr >= outLimit) { outBuf = _checkAttributeLimit(tb, outBuf, outPtr, outPtr - startingOffset, maxAttrSize); - outLimit = Math.min(startingOffset+maxAttrSize, outBuf.length); + outLimit = _outputLimit(outBuf, startingOffset, maxAttrSize); } outBuf[outPtr++] = (char) ((ch >> 10) + 0xD800); c = (char) ((ch & 0x3FF) + 0xDC00); @@ -2036,7 +2036,7 @@ private final void parseAttrValue(char openingQuote, TextBuilder tb) // Ok, let's just add char in, whatever it was if (outPtr >= outLimit) { outBuf = _checkAttributeLimit(tb, outBuf, outPtr, outPtr - startingOffset, maxAttrSize); - outLimit = Math.min(startingOffset+maxAttrSize, outBuf.length); + outLimit = _outputLimit(outBuf, startingOffset, maxAttrSize); } outBuf[outPtr++] = c; } @@ -2045,6 +2045,11 @@ private final void parseAttrValue(char openingQuote, TextBuilder tb) tb.setBufferSize(outPtr); } + private final int _outputLimit(char[] outBuf, int offset, int maxAttrLen) { + // [woodstox-core#122]: make sure "offset + max-size" does not overflow: + return Math.min(outBuf.length, Math.max(maxAttrLen, offset+maxAttrLen)); + } + private final char[] _checkAttributeLimit(TextBuilder tb, char[] outBuf, int outPtr, int currAttrSize, int maxAttrSize) throws XMLStreamException @@ -2053,8 +2058,9 @@ private final char[] _checkAttributeLimit(TextBuilder tb, verifyLimit("Maximum attribute size", maxAttrSize , currAttrSize+1); // just sanity check if (outPtr < outBuf.length) { - ExceptionUtil.throwInternal("Expected either attr limit ("+maxAttrSize - +") >= currAttrSize ("+currAttrSize+") OR >= outBuf.length ("+outBuf.length+")"); + ExceptionUtil.throwInternal(String.format( +"Expected either currAttrSize (%d) > maxAttrSize (%d) OR outPtr (%d) >= outBuf.length (%d)", +currAttrSize, maxAttrSize, outPtr, outBuf.length)); } return tb.bufferFull(1); } diff --git a/src/test/java/wstxtest/stream/TestAttributeLimits.java b/src/test/java/wstxtest/stream/TestAttributeLimits.java index 61c99816..03d66f23 100644 --- a/src/test/java/wstxtest/stream/TestAttributeLimits.java +++ b/src/test/java/wstxtest/stream/TestAttributeLimits.java @@ -81,7 +81,7 @@ public void testExactSmallMaxAttributeCount() throws Exception } r.close(); } - + // [woodstox-core#93]: should use stricter verification of max attr length public void testShorterAttribute() throws Exception { @@ -143,4 +143,20 @@ public void close() throws IOException { } } reader.close(); // never gets here } + + // [woodstox-core#122]: problem setting max-attr-size to Integer.MAX_VALUE + public void testMaxAttrMaxIntValue() throws Exception + { + XMLInputFactory factory = getNewInputFactory(); + factory.setProperty(WstxInputProperties.P_MAX_ATTRIBUTE_SIZE, Integer.MAX_VALUE); + + // First: ok document + XMLStreamReader r = factory.createXMLStreamReader(new StringReader( + "")); + assertTokenType(START_ELEMENT, r.next()); + assertEquals(3, r.getAttributeCount()); + assertEquals("foobar", r.getAttributeValue(2)); + assertTokenType(END_ELEMENT, r.next()); + r.close(); + } }