[jira] Updated: (HTTPCLIENT-732) Corrupted chunk-size field can cause OutOfMemory exception on ChunkedInputStream

Thu, 24 Jan 2008 13:41:03 -0800 

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alex Holmes updated HTTPCLIENT-732:
-----------------------------------

    Attachment: HttpGet.java

Sample client demonstrating OutOfMemoryError (when pointed at location with 
corrupted chink-size line: http://www.pepoweb.com/gallery/)

> Corrupted chunk-size field can cause OutOfMemory exception on 
> ChunkedInputStream
> --------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-732
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-732
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1.1
>            Reporter: Alex Holmes
>         Attachments: ChunkedInputStream.java.diff, HttpGet.java, 
> HttpMethodParams.java.diff, TestStreams.java.diff
>
>
> The ChunkedInputStream.getChunkSizeFromInputStream method keeps reading the 
> chunk-size+extension line until it reaches the end of the line.  However with 
> corrupted chunked lines of sufficient size, it keeps reading content into the 
> ByteArrayOutputStream until an OutOfMemory exception occurs.
> I'm attaching a test client which demonstrates this behavior.  An example of 
> a URL with a corrupted chunk-size line that causes this exception is here:  
> http://www.pepoweb.com/gallery/
> It would be useful to have a mechanism by which the max length for both the 
> chunk-size and chunk-extension fields can be configured.   I'm attaching diff 
> patches that provide two additional configurable parameters enabling a max 
> byte size for both fields, along with unit tests to test the changes.
> The patches are based off the 3.0.1 codebase - if there's interest in this 
> fix, I'll be happy to generate diff's for newer codebases.
> ChunkedInputStream - now throws IOException if max limits on 
> chunk-size/chunk-extension fields are supplied
> HttpMethodParams - two additional configurables to set max limits on 
> chunk-size/chunk-extension fields (defaults are unlimited)
> TestStreams - two new methods to test the max chunk-size/chunk-extension 
> behavior of the ChunkedInputStream
> A key point is that this code is backwards compatible; the default behavior 
> of the ChunkedInputStream is unchanged (unlimited # of bytes read for 
> chunk-size/chunk-extension fields).
> Thanks,
> Alex 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to