-
Bug
-
Resolution: Fixed
-
P4
-
7
-
b20
-
x86
-
windows_7
FULL PRODUCT VERSION :
java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b22)
Java HotSpot(TM) Client VM (build 23.0-b21, mixed mode, sharing)
java version "1.6.0_32"
Java(TM) SE Runtime Environment (build 1.6.0_32-b05)
Java HotSpot(TM) Client VM (build 20.7-b02, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows 7 Enterprise 32-bit [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
The following (invalid) HTML will crash javax.swing.text.html.parser.Parser with a StackOverflowError:
<html><body><form>
<select>
<option value="1"><li></option>
</select>
</form></body></html>
Tested on 7u4, 6u31 and 6u32.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Read the above HTML into an HTMLEditorKit (see test case below)
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Document loads OK and can be iterated through to extract content
ACTUAL -
StackOverflowError, as below - it gets stuck in javax.swing.text.html.parser.Parser.legalElementContext recursing back into itself
ERROR MESSAGES/STACK TRACES THAT OCCUR :
From 7u4:
Exception in thread "main" java.lang.StackOverflowError
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:201)
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:224)
at javax.swing.text.html.parser.TagStack.advance(TagStack.java:138)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:616)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
(and continues to repeat the last two lines until the end of the trace)
From 6u32:
Exception in thread "main" java.lang.StackOverflowError
at javax.swing.text.html.parser.ContentModel.first(ContentModel.java:139)
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:184)
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:207)
at javax.swing.text.html.parser.TagStack.advance(TagStack.java:137)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:600)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:688)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:626)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:688)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:626)
ditto last two lines repeat.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.swing.text.html.HTMLDocument;
import javax.swing.text.html.HTMLEditorKit;
import java.io.StringReader;
import java.io.Reader;
public class ParserCrash
{
/**
* li element inside an option will crash javax.swing.text.html.parser.Parser
*/
public static void main( String[] argv ) throws Exception
{
String badHtml = "<html><body><form><select><option><li></option></select></form></body></html>";
HTMLEditorKit kit = new HTMLEditorKit();
HTMLDocument doc = (HTMLDocument) kit.createDefaultDocument();
Reader reader = new StringReader(badHtml);
kit.read(reader, doc, 0); // StackOverflowError here
System.out.println("Succeeded! (expected StackOverflowError");
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Repair the broken HTML in our CMS.
(It took a while to track this down because we hit this error after nine hours of a Jackrabbit content reindex, and because the StackOverflowError is a Throwable not an Exception it wasn't getting logged.)
java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b22)
Java HotSpot(TM) Client VM (build 23.0-b21, mixed mode, sharing)
java version "1.6.0_32"
Java(TM) SE Runtime Environment (build 1.6.0_32-b05)
Java HotSpot(TM) Client VM (build 20.7-b02, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows 7 Enterprise 32-bit [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
The following (invalid) HTML will crash javax.swing.text.html.parser.Parser with a StackOverflowError:
<html><body><form>
<select>
<option value="1"><li></option>
</select>
</form></body></html>
Tested on 7u4, 6u31 and 6u32.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Read the above HTML into an HTMLEditorKit (see test case below)
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Document loads OK and can be iterated through to extract content
ACTUAL -
StackOverflowError, as below - it gets stuck in javax.swing.text.html.parser.Parser.legalElementContext recursing back into itself
ERROR MESSAGES/STACK TRACES THAT OCCUR :
From 7u4:
Exception in thread "main" java.lang.StackOverflowError
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:201)
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:224)
at javax.swing.text.html.parser.TagStack.advance(TagStack.java:138)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:616)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:702)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:642)
(and continues to repeat the last two lines until the end of the trace)
From 6u32:
Exception in thread "main" java.lang.StackOverflowError
at javax.swing.text.html.parser.ContentModel.first(ContentModel.java:139)
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:184)
at javax.swing.text.html.parser.ContentModelState.advance(ContentModelState.java:207)
at javax.swing.text.html.parser.TagStack.advance(TagStack.java:137)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:600)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:688)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:626)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:688)
at javax.swing.text.html.parser.Parser.legalElementContext(Parser.java:626)
ditto last two lines repeat.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.swing.text.html.HTMLDocument;
import javax.swing.text.html.HTMLEditorKit;
import java.io.StringReader;
import java.io.Reader;
public class ParserCrash
{
/**
* li element inside an option will crash javax.swing.text.html.parser.Parser
*/
public static void main( String[] argv ) throws Exception
{
String badHtml = "<html><body><form><select><option><li></option></select></form></body></html>";
HTMLEditorKit kit = new HTMLEditorKit();
HTMLDocument doc = (HTMLDocument) kit.createDefaultDocument();
Reader reader = new StringReader(badHtml);
kit.read(reader, doc, 0); // StackOverflowError here
System.out.println("Succeeded! (expected StackOverflowError");
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Repair the broken HTML in our CMS.
(It took a while to track this down because we hit this error after nine hours of a Jackrabbit content reindex, and because the StackOverflowError is a Throwable not an Exception it wasn't getting logged.)
