[Bug 53677] New: ArrayIndexOutOfBoundsException when response header exceeds maxHttpHeaderSize

Tue, 07 Aug 2012 16:28:40 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=53677

          Priority: P2
            Bug ID: 53677
          Assignee: dev@tomcat.apache.org
           Summary: ArrayIndexOutOfBoundsException when response header
                    exceeds maxHttpHeaderSize
          Severity: normal
    Classification: Unclassified
          Reporter: dan...@gmail.com
          Hardware: PC
            Status: NEW
           Version: 6.0.35
         Component: Catalina
           Product: Tomcat 6

Created attachment 29184
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29184&action=edit
Small sample web app

When a servlet adds enough information to a response exceed the
maxHttpHeaderSize limitconfigured for an HTTP 1.1 connector, an
ArrayIndexOutOfBoundsException is thrown by Tomcat (example stacktrace below),
and the connection is closed without writing any data.

In a scenario like this, should a response with a status of 500 be returned to
indicate a server error? (and perhaps the server should log a message
indicating that the limit has been exceeded for a response, instead of throwing
an ArrayIndexOutOfBoundsException?)



This issue can be reproduced by testing with a servlet that implements this
contrived doGet method (sample application with this is attached):

    protected void doGet(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException {
        char[] bigBuffer = new char[1024 * 8];
        Arrays.fill(bigBuffer, 'a');
        response.setHeader("x-example", new String(bigBuffer));

        response.setContentType("text/plain");
        response.setCharacterEncoding("ISO-8859-1");

        Writer out = response.getWriter();
        out.write("Hello!");
        out.close();
    }


This has been observed under the following configurations:

Tomcat 6.0.26/Oracle JDK 1.6.0_25 (64-bit)/SUSE Linux 10
Tomcat 6.0.35/Oracle JDK 1.7.0 (64-bit)/Windows 7

- Tomcat is not running behind a web server in any of these configurations

- The connector being used in both cases is Coyote HTTP/1.1




Stacktrace:

Aug 07, 2012 6:11:26 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet SampleServlet threw exception
java.lang.ArrayIndexOutOfBoundsException: 8192
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:730)
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:641)
    at
org.apache.coyote.http11.InternalOutputBuffer.sendHeader(InternalOutputBuffer.java:514)
    at
org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1637)
    at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
    at org.apache.coyote.Response.action(Response.java:183)
    at org.apache.coyote.Response.sendHeaders(Response.java:379)
    at
org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
    at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
    at org.apache.catalina.connector.CoyoteWriter.close(CoyoteWriter.java:108)
    at com.example.SampleServlet.doGet(SampleServlet.java:36)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet SampleServlet threw exception
java.lang.ArrayIndexOutOfBoundsException: 8192
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:730)
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:641)
    at
org.apache.coyote.http11.InternalOutputBuffer.sendHeader(InternalOutputBuffer.java:514)
    at
org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1637)
    at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
    at org.apache.coyote.Response.action(Response.java:183)
    at org.apache.coyote.Response.sendHeaders(Response.java:379)
    at
org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
    at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
    at org.apache.catalina.connector.CoyoteWriter.close(CoyoteWriter.java:108)
    at com.example.SampleServlet.doGet(SampleServlet.java:36)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error processing request
java.lang.ArrayIndexOutOfBoundsException
    at java.lang.System.arraycopy(Native Method)
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
    at
org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
    at
org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
    at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
    at org.apache.coyote.Response.action(Response.java:183)
    at org.apache.coyote.Response.sendHeaders(Response.java:379)
    at
org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
    at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
    at org.apache.catalina.connector.Response.finishResponse(Response.java:493)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:317)
    at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error processing request
java.lang.ArrayIndexOutOfBoundsException
    at java.lang.System.arraycopy(Native Method)
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
    at
org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
    at
org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
    at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
    at org.apache.coyote.Response.action(Response.java:183)
    at org.apache.coyote.Response.sendHeaders(Response.java:379)
    at
org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
    at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
    at org.apache.catalina.connector.Response.finishResponse(Response.java:493)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:317)
    at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error finishing response
java.lang.ArrayIndexOutOfBoundsException
    at java.lang.System.arraycopy(Native Method)
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
    at
org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
    at
org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
    at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
    at org.apache.coyote.Response.action(Response.java:181)
    at
org.apache.coyote.http11.InternalOutputBuffer.endRequest(InternalOutputBuffer.java:398)
    at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:901)
    at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error finishing response
java.lang.ArrayIndexOutOfBoundsException
    at java.lang.System.arraycopy(Native Method)
    at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
    at
org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
    at
org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
    at
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
    at org.apache.coyote.Response.action(Response.java:181)
    at
org.apache.coyote.http11.InternalOutputBuffer.endRequest(InternalOutputBuffer.java:398)
    at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:901)
    at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to