Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Uncaught IllegalArgumentException due to malformed unicode entity ref #57

Closed
rohanpadhye opened this issue Jan 24, 2019 · 2 comments
Assignees
Milestone

Comments

@rohanpadhye
Copy link

@rohanpadhye rohanpadhye commented Jan 24, 2019

Sample Maven pom.xml below:

<project name="&#xFFFFFF;"></project>

0xFFFFFF is not a valid Unicode codepoint. This leads to the following uncaught exception arising from plexus when running mvn:

Caused by: java.lang.IllegalArgumentException
    at org.codehaus.plexus.util.xml.pull.MXParser.toChars (MXParser.java:4023)
    at org.codehaus.plexus.util.xml.pull.MXParser.parseEntityRef (MXParser.java:2727)
    at org.codehaus.plexus.util.xml.pull.MXParser.parseAttribute (MXParser.java:2522)
    at org.codehaus.plexus.util.xml.pull.MXParser.parseStartTag (MXParser.java:2218)
    at org.codehaus.plexus.util.xml.pull.MXParser.parseProlog (MXParser.java:1801)
    at org.codehaus.plexus.util.xml.pull.MXParser.nextImpl (MXParser.java:1698)
    at org.codehaus.plexus.util.xml.pull.MXParser.next (MXParser.java:1317)
    at org.apache.maven.model.io.xpp3.MavenXpp3ReaderEx.read (MavenXpp3ReaderEx.java:4417)
    at org.apache.maven.model.io.xpp3.MavenXpp3ReaderEx.read (MavenXpp3ReaderEx.java:598)
    at org.apache.maven.model.io.DefaultModelReader.read (DefaultModelReader.java:105)
    at org.apache.maven.model.io.DefaultModelReader.read (DefaultModelReader.java:82)

I'm guessing the expected behavior is to throw an XMLPullParserException instead, to signal an unparsable entity.

Found using JQF.

belingueres added a commit to belingueres/plexus-utils that referenced this issue Jan 25, 2019
… unicode entity

ref

- Added a more readable error message by means of a
XmlPullParserException.
- Improved validation of the numeric character reference, according to
XML 1.0 spec. (https://www.w3.org/TR/REC-xml/#NT-Char)
@rohanpadhye

This comment has been minimized.

Copy link
Author

@rohanpadhye rohanpadhye commented Feb 24, 2019

Note that if the entity ref is not a valid integer, then a NumberFormatException is thrown instead, from Integer.parseInt():

<project name="&#FFFFFFFFFFF;"></project>
Caused by: java.lang.NumberFormatException: For input string: "FFFFFFFFFFF"
    at java.lang.NumberFormatException.forInputString (NumberFormatException.java:65)
    at java.lang.Integer.parseInt (Integer.java:652)
    at org.codehaus.plexus.util.xml.pull.MXParser.parseEntityRef (MXParser.java:2727) 
    ...

However, PR #58 appears to fix this as well, since NumberFormatException is a subclass of IllegalArgumentException, and #58 catches the latter. Thanks @belingueres.

hboutemy added a commit that referenced this issue Mar 10, 2019
- Added a more readable error message by means of a
XmlPullParserException.
- Improved validation of the numeric character reference, according to
XML 1.0 spec. (https://www.w3.org/TR/REC-xml/#NT-Char)
- Added tests for valid char references.
- Catched and fixed wrong parsing bug for decimal >= &#10000
(supplemental) char refs.
@hboutemy

This comment has been minimized.

Copy link
Member

@hboutemy hboutemy commented Mar 10, 2019

PR #58 merged

@hboutemy hboutemy closed this Mar 10, 2019
@hboutemy hboutemy self-assigned this Mar 10, 2019
@hboutemy hboutemy added this to the 3.2.0 milestone Mar 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.