8029955: AIOB in XMLEntityScanner.scanLiteral upon parsing literals with > 100 LF chars

Reviewed-by: dfuchs, lancea, ulfzibis
2013-12-23 13:57:42 -08:00 · 2013-12-23 13:57:42 -08:00 · 57ea146212
commit 57ea146212
parent 948927d98e
1 changed files with 26 additions and 17 deletions
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityScanner.java
@ -1142,7 +1142,7 @@ public class XMLEntityScanner implements XMLLocator  {
            int i=0;
            for ( i = offset; i < fCurrentEntity.position; i++) {
                fCurrentEntity.ch[i] = '\n';
-                whiteSpaceLookup[whiteSpaceLen++]=i;
+                storeWhiteSpace(i);
            }

            int length = fCurrentEntity.position - offset;
@ -1163,27 +1163,18 @@ public class XMLEntityScanner implements XMLLocator  {
        }

        // scan literal value
-        while (fCurrentEntity.position < fCurrentEntity.count) {
-            c = fCurrentEntity.ch[fCurrentEntity.position++];
+        for (; fCurrentEntity.position<fCurrentEntity.count; fCurrentEntity.position++) {
+            c = fCurrentEntity.ch[fCurrentEntity.position];
            if ((c == quote &&
-                 (!fCurrentEntity.literal || isExternal))
-                || c == '%' || !XMLChar.isContent(c)) {
-                fCurrentEntity.position--;
+                    (!fCurrentEntity.literal || isExternal)) ||
+                    c == '%' || !XMLChar.isContent(c)) {
                break;
            }
-            if(whiteSpaceInfoNeeded){
-                if(c == 0x20 || c == 0x9){
-                    if(whiteSpaceLen < whiteSpaceLookup.length){
-                        whiteSpaceLookup[whiteSpaceLen++]= fCurrentEntity.position-1;
-                    }else{
-                        int [] tmp = new int[whiteSpaceLookup.length*2];
-                        System.arraycopy(whiteSpaceLookup,0,tmp,0,whiteSpaceLookup.length);
-                        whiteSpaceLookup = tmp;
-                        whiteSpaceLookup[whiteSpaceLen++]= fCurrentEntity.position - 1;
-                    }
-                }
+            if (whiteSpaceInfoNeeded && c == '\t') {
+                storeWhiteSpace(fCurrentEntity.position);
            }
        }
+
        int length = fCurrentEntity.position - offset;
        fCurrentEntity.columnNumber += length - newlines;
        content.setValues(fCurrentEntity.ch, offset, length);
@ -1209,6 +1200,24 @@ public class XMLEntityScanner implements XMLLocator  {

    } // scanLiteral(int,XMLString):int

+    /**
+     * Save whitespace information. Increase the whitespace buffer by 100
+     * when needed.
+     *
+     * For XML 1.0, legal characters below 0x20 are 0x09 (TAB), 0x0A (LF) and 0x0D (CR).
+     *
+     * @param whiteSpacePos position of a whitespace in the scanner entity buffer
+     */
+    private void storeWhiteSpace(int whiteSpacePos) {
+        if (whiteSpaceLen >= whiteSpaceLookup.length) {
+            int [] tmp = new int[whiteSpaceLookup.length + 100];
+            System.arraycopy(whiteSpaceLookup, 0, tmp, 0, whiteSpaceLookup.length);
+            whiteSpaceLookup = tmp;
+        }
+
+        whiteSpaceLookup[whiteSpaceLen++] = whiteSpacePos;
+    }
+
    //CHANGED:
    /**
     * Scans a range of character data up to the specified delimiter,