Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible hang in XML Parser #35

Closed
rohanpadhye opened this issue Mar 11, 2018 · 1 comment
Closed

Possible hang in XML Parser #35

rohanpadhye opened this issue Mar 11, 2018 · 1 comment
Assignees
Milestone

Comments

@rohanpadhye
Copy link

@rohanpadhye rohanpadhye commented Mar 11, 2018

Found another XML issue via Maven, but not sure if it is rooted in plexus-utils.

hang.xml:

<project /><?>

Test:

mvn -f hang.xml
> [INFO] Scanning for projects...   # Gets stuck here forever

My profiler shows me that 100% CPU is being spent in: org.codehaus.plexus.util.xml.XmlReader.read().

I've reported this to Maven in MGN-6374, but I'm not sure which is the right project to report this to.

Versions affected: Maven 3.5.2 and plexus-utils 3.1.0.

This issue was also encountered when fuzzing with JQF.

@michael-o
Copy link
Member

@michael-o michael-o commented Mar 11, 2018

That's fine, this is the upstream issue, MNG is the downstream one.

belingueres referenced this issue in belingueres/plexus-utils Dec 4, 2018
Solved infinite loop in MXParser when parsing a malformed Processing
Instruction.
belingueres referenced this issue in belingueres/plexus-utils Mar 9, 2019
Solved infinite loop in MXParser when parsing a malformed Processing
Instruction.
@hboutemy hboutemy self-assigned this Mar 10, 2019
@hboutemy hboutemy added this to the 3.2.0 milestone Mar 10, 2019
@hboutemy hboutemy changed the title Possible hang in XMLReader Possible hang in XML Parser Mar 10, 2019
@hboutemy hboutemy closed this Mar 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants