Posted 8 months ago by Elliotte Rusty Harold
Maybe it can, but so far I don't think this has been proven. The issue with stack depth is not memory usage. DOMs tend to be inefficient. That's not news. In 2023 250 M heap size is small, and I'm not surprised you got an OOM. Implementing stack Read more
|
Posted 8 months ago by shuailingliang
After adding the closing tag, the memory has not been significantly reduced. The main reason is because the depth of the element is too large. Currently, we have no way to check the depth of this element. We checked the JDK's documentation and Read more
|
Posted 8 months ago by Elliotte Rusty Harold
The first question I'll ask is whether this is quadratic, exponential, or linear. A 20X increase in memory size from raw file to DOM is not unheard of in this space by any means. If you add a closing tag at the end does the memory use suddenly Read more
|
Posted 8 months ago by shuailingliang
When parsing an xml file similar to the following by calling the javax.xml.parsers.DocumentBuilder#parse(java.io.File) method, the elements are nested layer by layer and there is no element closing tag. Since the depth of elements cannot be verified, Read more
|
Posted 10 months ago by Samuel Hailemichael
During the implementation of Validator using apache xerces, setting features that prevent XML External Entity are not working. When parsing through an XML file, I consistently get DNS callbacks when attempting to load an external dtd with a DOCTYPE Read more
|
Posted 10 months ago by Grzegorz Borkowski
Remove org.w3c.dom.html.HTMLDOMImplementation from xercesImpl.jar
|
Posted 10 months ago by Danny Trunk
CVE-2017-10355 (OSSINDEX) sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS) The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. CWE-833 Deadlock Read more
|
Posted 10 months ago by Danny Trunk
CVE-2017-10355 (OSSINDEX) sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS) The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. CWE-833 Deadlock Read more
|
Posted about 1 year ago by Mukul Gandhi
I've re-committed an icu4j 68.1 jar file (with svn revision 1908606), built with jdk 1.7 as the rest of current xercesj codebase. The XercesJ test reports for XercesJ's XPath 2.0 processor and the XML Schema 1.1 processor are all ok, with this Read more
|
Posted about 1 year ago by Mukul Gandhi
A new icu4j jar has been committed to xercesj svn with revision 1908569, as a fix for this issue. This jar file was built with icu4j sources of version 68.1, using java 1.7 source and target levels. This shall allow us to keep xercesj's java min Read more
|