hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HTTPCLIENT-732) Corrupted chunk-size field can cause OutOfMemory exception on ChunkedInputStream
Date Fri, 25 Jan 2008 18:09:37 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12562605#action_12562605
] 

Oleg Kalnichevski commented on HTTPCLIENT-732:
----------------------------------------------

Alex, et al

With all due respect I do not see a point in fixing OME issues in chunk codec and not fixing
them in the HTTP header parser. I also see little sense in adding more hacks to a codebase
that is already full of ugly hacks. Anyways, I'll happily check in the patch (just one patch
in unified diff format, not many) that
(1) retains full API compatibility with 3.1 API (including JRE 1.2.2 compatibility)
(2) has a decent test coverage of the new code
(3) does not break any of the existing test cases

Oleg


> Corrupted chunk-size field can cause OutOfMemory exception on ChunkedInputStream
> --------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-732
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-732
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 Final
>            Reporter: Alex Holmes
>         Attachments: ChunkedInputStream.java.diffu, HttpGet.java, HttpMethodParams.java.diffu,
TestStreams.java.diffu
>
>
> The ChunkedInputStream.getChunkSizeFromInputStream method keeps reading the chunk-size+extension
line until it reaches the end of the line.  However with corrupted chunked lines of sufficient
size, it keeps reading content into the ByteArrayOutputStream until an OutOfMemory exception
occurs.
> I'm attaching a test client which demonstrates this behavior.  An example of a URL with
a corrupted chunk-size line that causes this exception is here:  http://www.pepoweb.com/gallery/
> It would be useful to have a mechanism by which the max length for both the chunk-size
and chunk-extension fields can be configured.   I'm attaching diff patches that provide two
additional configurable parameters enabling a max byte size for both fields, along with unit
tests to test the changes.
> The patches are based off the 3.0.1 codebase - if there's interest in this fix, I'll
be happy to generate diff's for newer codebases.
> ChunkedInputStream - now throws IOException if max limits on chunk-size/chunk-extension
fields are supplied
> HttpMethodParams - two additional configurables to set max limits on chunk-size/chunk-extension
fields (defaults are unlimited)
> TestStreams - two new methods to test the max chunk-size/chunk-extension behavior of
the ChunkedInputStream
> A key point is that this code is backwards compatible; the default behavior of the ChunkedInputStream
is unchanged (unlimited # of bytes read for chunk-size/chunk-extension fields).
> Thanks,
> Alex 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message