commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tejas Patel (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COLLECTIONS-599) HashEntry array object naming data initialized with double the size during deserialization
Date Fri, 02 Dec 2016 12:05:59 GMT

    [ https://issues.apache.org/jira/browse/COLLECTIONS-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15714952#comment-15714952
] 

Tejas Patel commented on COLLECTIONS-599:
-----------------------------------------

Possible fix would be calculating threshold before putting the data in doReadObject API. 
Calculating threshold would not initialize the array by double.
Please find the code below : 

protected void doReadObject(ObjectInputStream in)
    throws IOException, ClassNotFoundException
  {
    this.loadFactor = in.readFloat();
    int capacity = in.readInt();
    int size = in.readInt();
    init();
    this.data = new HashEntry[capacity];
    this.threshold = calculateThreshold(this.data.length, this.loadFactor);
    for (int i = 0; i < size; i++)
    {
      Object key = in.readObject();
      Object value = in.readObject();
      put(key, value);
    }
    
  }

Why these is critical because this version of jar are been used by struts 2 . 
I saw these been changed in version 4.1 , but if you classes in 4.1 are declared in different
package.
We should have provide fix for these version as we cant change jars which is internally using
these stuff. 



> HashEntry array object naming data initialized with double the size during deserialization
> ------------------------------------------------------------------------------------------
>
>                 Key: COLLECTIONS-599
>                 URL: https://issues.apache.org/jira/browse/COLLECTIONS-599
>             Project: Commons Collections
>          Issue Type: Bug
>          Components: Collection, Map
>    Affects Versions: 3.1
>            Reporter: Tejas Patel
>            Priority: Critical
>             Fix For: 4.1
>
>
> Common collections 3.1 and 3.2 are used at many places and frameworks including struts2.

> Supose a LinkedMap object it is created and have size greater than zero is serialized.
While deserializing this object , array of HashEntry naming data delacred in AbstractHashedMap
always initialises with a new capacity of double its double of the serialized object. 
> Please see the below API declared in AbstractHashedMap class :
> protected void checkCapacity()
>   {
>     if (this.size >= this.threshold)
>     {
>       int newCapacity = this.data.length * 2;
>       if (newCapacity <= 1073741824) {
>         ensureCapacity(newCapacity);
>       }
>     }
>   }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message