jaxp
  1. jaxp
  2. JAXP-74

Data corruption in SAXParser, chars outside XML passed to DefaultHandler.characters()

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      In 2008, I have isolated and documented a serious bug in SAXParser. The bug can be easily reproduced on multiple platforms and leads to data corruption, e.g. when importing a database dump from an XML file.

      http://bugs.sun.com/view_bug.do?bug_id=6716312

      This bug seems to be fixed in newer Xerces versions, but JDK 7 still includes Xerces 2.7.1., which dates from 2005.

      1. SaxParserError.java
        2 kB
        Christian d'Heureuse
      2. SaxParserError.xml
        56 kB
        Christian d'Heureuse

        Activity

        Hide
        Joe Wang added a comment -

        See JAXP release notes 1.4.4 through 1.4.6, JDK7 has been updated partially to Xerces. 2.10. Since it's not a complete update, the version number has not been changed. I wish we could have done a complete update but were constrained by resources.

        As for the issue you reported, do you happen to know a particular patch in the newer Xerces that would fix your problem?

        Show
        Joe Wang added a comment - See JAXP release notes 1.4.4 through 1.4.6, JDK7 has been updated partially to Xerces. 2.10. Since it's not a complete update, the version number has not been changed. I wish we could have done a complete update but were constrained by resources. As for the issue you reported, do you happen to know a particular patch in the newer Xerces that would fix your problem?
        Hide
        Christian d'Heureuse added a comment -

        I don't know a patch. The error does not occur with any of the Apache Xerces versions I tested. But it occurs with all the JDK versions I have tested. I guess it's a problem of the JDK implementation.

        I have tested with old binary Xerces JAR files from http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22xerces%22%20AND%20a%3A%22xercesImpl%22

        The first Xerces version that supports XML 1.1 is 2.4.0. When I copy xercesImpl-2.4.0.jar into the lib/endorsed directory of the JRE, the error does not occur.

        Also when I change the XML version at the first line of the data file from "1.1" to "1.0", the error does not occur.

        Show
        Christian d'Heureuse added a comment - I don't know a patch. The error does not occur with any of the Apache Xerces versions I tested. But it occurs with all the JDK versions I have tested. I guess it's a problem of the JDK implementation. I have tested with old binary Xerces JAR files from http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22xerces%22%20AND%20a%3A%22xercesImpl%22 The first Xerces version that supports XML 1.1 is 2.4.0. When I copy xercesImpl-2.4.0.jar into the lib/endorsed directory of the JRE, the error does not occur. Also when I change the XML version at the first line of the data file from "1.1" to "1.0", the error does not occur.

          People

          • Assignee:
            Joe Wang
            Reporter:
            Christian d'Heureuse
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: