From e526eb44fa3b17823ff34b461ba6f14b65586a52 Mon Sep 17 00:00:00 2001 From: Ed Merks Date: Fri, 13 Dec 2024 13:39:44 +0100 Subject: [PATCH] Configure XML parsers used for p2 metadata to eliminate entity limits https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/issues/2623 --- .../internal/p2/persistence/XMLParser.java | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/persistence/XMLParser.java b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/persistence/XMLParser.java index 97a6593ae4..3cbfcdaf35 100644 --- a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/persistence/XMLParser.java +++ b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/persistence/XMLParser.java @@ -30,6 +30,13 @@ public abstract class XMLParser extends DefaultHandler implements XMLConstants { + // Java 24 and onward restricts the number of entities that may appear in an XML + // document. This limit in too restrictive for p2 XML metadata where a large + // update site can easily have 500,000 or more entities. + // + // https://docs.oracle.com/en/java/javase/17/docs/api/java.xml/module-summary.html#IN_ISFPtable + private static final int MAX_ENTITIES = 0; + // Get the root object that is being parsed. protected abstract Object getRootObject(); @@ -88,6 +95,18 @@ protected SAXParser getParser() throws ParserConfigurationException, SAXExceptio if (theParser == null) { throw new SAXException(Messages.XMLParser_No_SAX_Parser); } + try { + theParser.setProperty("jdk.xml.totalEntitySizeLimit", //$NON-NLS-1$ + Integer.getInteger("jdk.xml.totalEntitySizeLimit", MAX_ENTITIES)); //$NON-NLS-1$ + } catch (SAXException se) { + // Maybe not supported. + } + try { + theParser.setProperty("jdk.xml.maxGeneralEntitySizeLimit", //$NON-NLS-1$ + Integer.getInteger("jdk.xml.maxGeneralEntitySizeLimit", MAX_ENTITIES)); //$NON-NLS-1$ + } catch (SAXException se) { + // Maybe not supported. + } xmlReader = theParser.getXMLReader(); return theParser; }