activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ruffp (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AMQ-6596) Out Of Memory error reported on ActiveMQ client during openwire unmarshalling
Date Mon, 10 Jul 2017 12:26:00 GMT

    [ https://issues.apache.org/jira/browse/AMQ-6596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16080250#comment-16080250
] 

ruffp edited comment on AMQ-6596 at 7/10/17 12:25 PM:
------------------------------------------------------

... and if I "dd" your packet.raw with:

{{dd if=packet.raw > /dev/tcp/localhost/61616 }}

I get the OOME everytime.

I think this is more an issue in OpenWire protocol than specific to ActiveMQ.



was (Author: ruffp):
... and if I "dd" your packet with:

{{dd if=packet.raw > /dev/tcp/localhost/61616 }}

I get the OOME everytime.

I think this is more an issue in OpenWire protocol than specific to ActiveMQ.


> Out Of Memory error reported on ActiveMQ client during openwire unmarshalling
> -----------------------------------------------------------------------------
>
>                 Key: AMQ-6596
>                 URL: https://issues.apache.org/jira/browse/AMQ-6596
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker, JMS client, Transport
>    Affects Versions: 5.13.0, 5.13.5, 5.14.3
>         Environment: SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL
= 3. Java Runtime: IBM Corporation 1.7.0 
>            Reporter: Konstantinos Pistopoulos
>            Priority: Critical
>         Attachments: packet.raw
>
>
> ActiveMQ crashes during a vulnerability scanning using Qualys vulnerability scanner.
> {code}
> 2017-02-10 14:30:18,631 [0.1:55345@61616] WARN  Transport                      - Transport
Connection to: tcp://127.0.0.1:55345 failed: java.io.IOException: Unexpected error occurred:
java.lang.OutOfMemoryError: Java heap space
> {code}
> This OOM error is caused due to an attempt to initialize a huge byte array of 2131230728
bytes size. The problem still occurs even if we define the maxFrameSize to 100MB. 
> It seems that the first comparison with the maxFrameSize is successful (method unmarshal)
but in the later evaluation of dataIn.readInt() in method  looseUnmarshalByteSequence, a huge
value is evaluated (2131230728 bytes)
> {code}
> @Override
>     public Object unmarshal(DataInput dis) throws IOException {
>         DataInput dataIn = dis;
>         if (!sizePrefixDisabled) {
>             int size = dis.readInt();
>             if (size > maxFrameSize) {
>                 throw IOExceptionSupport.createFrameSizeException(size, maxFrameSize);
>             }
>             // int size = dis.readInt();
>             // byte[] data = new byte[size];
>             // dis.readFully(data);
>             // bytesIn.restart(data);
>             // dataIn = bytesIn;
>         }
>         return doUnmarshal(dataIn);
>     }
> {code}
> {code}
>     protected ByteSequence looseUnmarshalByteSequence(DataInput dataIn) throws IOException
{
>         ByteSequence rc = null;
>         if (dataIn.readBoolean()) {
>             int size = dataIn.readInt();
>             byte[] t = new byte[size];
>             dataIn.readFully(t);
>             rc = new ByteSequence(t, 0, size);
>         }
>         return rc;
>     }
> {code}
> Relevant parts of the thread dump can be found below:
> {code}
> WARNING : OutOfMemoryError possibly caused by 2131230728 bytes requested for object of
class 081A5700 from memory space 'Flat' id=080B1898
> {code}
> {code}
> Thread Name
> ActiveMQ Transport: tcp:///10.4.240.10:55345@61616
> State
> Runnable
> Java Stack
> at org/apache/activemq/openwire/v12/BaseDataStreamMarshaller.looseUnmarshalByteSequence(BaseDataStreamMarshaller.java:638)

> at org/apache/activemq/openwire/v12/WireFormatInfoMarshaller.looseUnmarshal(WireFormatInfoMarshaller.java:132)

> at org/apache/activemq/openwire/OpenWireFormat.doUnmarshal(OpenWireFormat.java:367(Compiled
Code)) 
> at org/apache/activemq/openwire/OpenWireFormat.unmarshal(OpenWireFormat.java:278(Compiled
Code)) 
> at org/apache/activemq/transport/tcp/TcpTransport.readCommand(TcpTransport.java:240(Compiled
Code)) 
> at org/apache/activemq/transport/tcp/TcpTransport.doRun(TcpTransport.java:232(Compiled
Code)) 
> at org/apache/activemq/transport/tcp/TcpTransport.run(TcpTransport.java:215) 
> at java/lang/Thread.run(Thread.java:863)
> {code}
> The definition of the transportConnector without the definition of the maxFrameSize is
the following :
> {code}
>         <transportConnectors>
>             <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
>         </transportConnectors>
> {code}
> The definition of the transportConnector after the definition of the maxFrameSize  :
> {code}
>  <transportConnectors>
>       <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?wireFormat.maxFrameSize=104857600"/>
>     </transportConnectors>
> {code}
> We have reproduced this with versions 5.13.0, 5.13.5 and 5.14.3 but this problem is probably
related to other versions too.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message