Expected either attr limit (2147483647) >= currAttrSize (0) OR >= outBuf.length (96)

[j3rem1e]

After upgrading my application to woodstock v6.2.x, importing xml failed with this exception :

Caused by: java.lang.RuntimeException: Internal error: Expected either attr limit (2147483647) >= currAttrSize (0) OR >= outBuf.length (96)
	at com.ctc.wstx.util.ExceptionUtil.throwInternal(ExceptionUtil.java:69) ~[?:?]
	at com.ctc.wstx.sr.BasicStreamReader._checkAttributeLimit(BasicStreamReader.java:2056) ~[?:?]
	at com.ctc.wstx.sr.BasicStreamReader.parseAttrValue(BasicStreamReader.java:2038) ~[?:?]
	at com.ctc.wstx.sr.BasicStreamReader.handleNsAttrs(BasicStreamReader.java:3144) ~[?:?]
	at com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:3042) ~[?:?]
	at com.ctc.wstx.sr.BasicStreamReader.handleRootElem(BasicStreamReader.java:2188) ~[?:?]
	at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2168) ~[?:?]
	at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1180) ~[?:?]

downgrading to v6.0.2 fixes it.

I don't really understand what the message means.. ;)

The code looks like the following :

public static void checkSVG(final String svg) {
	boolean allowed = true;

	XMLInputFactory factory = XMLInputFactory.newInstance();
	factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
	factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
	factory.setProperty("com.ctc.wstx.maxAttributeSize", Integer.MAX_VALUE);

	XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(svg))
	try {
		while (reader.hasNext()) {
			if (reader.next() == XMLEvent.START_ELEMENT) {

				if (!WHITELIST_ELEMENTS.contains(reader.getLocalName())) {
					allowed = false;
				}
				
				int attcount = reader.getAttributeCount();
				for (int i = 0; i < attcount; ++i) {
					String attName = reader.getAttributeLocalName(i); 
					if (!WHITELIST_ATTRIBUTES.contains(attName)) {
						allowed = false;
					}
				}
			}
		}
	} catch (final XMLStreamException e) {
		ExceptionUtils.throwRuntimeException(e);
	}
	
	if (!allowed) {
		throw new SecurityException("xxx");
	}
}

[cowtowncoder]

This is probably a bug in Woodstox code, and I am guessing result of fix for #112. It'd be great if you could come up with a test case to reproduce it as it's bit tricky to reproduce otherwise... although I can try.

The thing that I think triggers this is likely this line:

factory.setProperty("com.ctc.wstx.maxAttributeSize", Integer.MAX_VALUE);

because value is simply added to offset and I think that will cause integer overflow.
So a work-around would be just using, say:

factory.setProperty("com.ctc.wstx.maxAttributeSize", Integer.MAX_VALUE/2);

which I suspect would prevent the problem.

But I'd like to fix the problem itself.

[cowtowncoder]

Was able to reproduce this easily. Fixed, releasing 6.2.4 now since this is pretty gnarly bug.