maven-issues mailing list archives

From Tamás Cservenák (JIRA) <j...@codehaus.org>
Subject [jira] Commented: (MINDEXER-28) OOME when fed garbage
Date Wed, 08 Jun 2011 15:08:24 GMT

    [ http://jira.codehaus.org/browse/MINDEXER-28?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=269814#action_269814 ]

Tamás Cservenák commented on MINDEXER-28:
-----------------------------------------

Added to IndexDataReader.readUtf() to make code more robust to junk inputs:

{noformat}
        // utflen is the length value read from the (unverified) input
        byte[] bytearr;
        char[] chararr;

        try
        {
            bytearr = new byte[utflen];
            chararr = new char[utflen];
        }
        catch ( OutOfMemoryError e )
        {
            final IOException ex =
                new IOException(
                    "Index data content is inappropriate (is junk?), leads to OutOfMemoryError! See MINDEXER-28 for more information!" );
            // attach the OOME as the cause of the IOException (the cause is set on ex, not on e)
            ex.initCause( e );
            throw ex;
        }
{noformat}

> OOME when fed garbage
> ---------------------
>
>                 Key: MINDEXER-28
>                 URL: http://jira.codehaus.org/browse/MINDEXER-28
>             Project: Maven Indexer
>          Issue Type: Bug
>    Affects Versions: 4.0.0
>         Environment: JDK 6u24 on Ubuntu x86
>            Reporter: Jesse Glick
>            Priority: Minor
>
> See http://netbeans.org/bugzilla/show_bug.cgi?id=197988#c1 for background. Without the fix of MINDEXER-20 in place, the indexer will throw an {{OutOfMemoryError}} when given http://www.jasperforge.org/maven2/.index/ since that site serves junk HTML with a 200 HTTP status.
> Since the code allocates an array whose length is a 32-bit int taken from an unverified source, it would be best to somehow handle the case that a random large number is read and an OOME is thrown - perhaps rethrowing as an {{IOException}}.
> MINDEXER-20 should prevent the bug precondition from being triggered nearly as often, but the input could randomly happen to begin with 0x01.

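A different way to handle the unverified 32-bit length described in the issue, as an added example that is not Maven Indexer code: check the declared length against a cap before allocating, so junk input is rejected with an IOException without the JVM ever attempting the huge allocation. The class name, the MAX_STRING_BYTES cap, the simplified record layout (4-byte big-endian length followed by UTF-8 bytes) and the sample inputs are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class BoundedReadDemo {
    // Assumed cap for this example; the page does not state a limit.
    static final int MAX_STRING_BYTES = 1 << 20;

    // Reads a 4-byte big-endian length, then that many bytes of UTF-8 (simplified layout).
    static String readBoundedString(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > MAX_STRING_BYTES) {
            throw new IOException("Declared string length " + len
                + " is outside 0.." + MAX_STRING_BYTES + "; input is probably not index data");
        }
        byte[] buf = new byte[len]; // allocation is bounded by the cap
        in.readFully(buf);          // throws EOFException if the stream ends early
        return new String(buf, StandardCharsets.UTF_8);
    }

    // Builds a constructed record: declared length, then the payload bytes.
    static byte[] record(int declaredLen, String payload) {
        byte[] p = payload.getBytes(StandardCharsets.UTF_8);
        return ByteBuffer.allocate(4 + p.length).putInt(declaredLen).put(p).array();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not captured from any real repository.
        byte[][] inputs = {
            record(5, "hello"), // well-formed record
            // junk HTML: its first four bytes "<htm" decode to a length of about one billion
            "<html><body>Not Found</body></html>".getBytes(StandardCharsets.US_ASCII),
            record(9, "ab"),    // declared length is longer than the data that follows
        };
        for (byte[] input : inputs) {
            try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(input))) {
                System.out.println("ok: " + readBoundedString(in));
            } catch (IOException e) {
                System.out.println("rejected: " + e);
            }
        }
    }
}
```

A cap only helps if it is smaller than what the heap can serve; a length below the cap that still exceeds the remaining input is caught by readFully as an EOFException.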