[ https://issues.apache.org/jira/browse/IO-429?focusedWorklogId=525244&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-525244 ]
ASF GitHub Bot logged work on IO-429: ------------------------------------- Author: ASF GitHub Bot Created on: 16/Dec/20 20:28 Start Date: 16/Dec/20 20:28 Worklog Time Spent: 10m Work Description: leskin-in commented on pull request #175: URL: https://github.com/apache/commons-io/pull/175#issuecomment-746962320 @garydgregory thank you for your [comment](https://github.com/apache/commons-io/pull/175#issuecomment-745740037). I have [implemented](https://github.com/apache/commons-io/pull/175/commits/361765a7fecae0d419828f84de3b825fd77dfa50) a test using [`CircularInputStream`](https://github.com/apache/commons-io/blob/d4e09c7b4ba4a1433feb7e5d4895cd1071e51bb1/src/main/java/org/apache/commons/io/input/CircularInputStream.java); [`IOUtils.copyLarge()`](https://github.com/apache/commons-io/blob/9e71df2a6d879e76f69ffcc2d956dfd5d42f0ba9/src/main/java/org/apache/commons/io/IOUtils.java#L1163) does not return if provided `InifiniteCircularInputStream` as input. Note the new test case requires lots of memory, so heap size limit is [increased](https://github.com/apache/commons-io/pull/175/commits/361765a7fecae0d419828f84de3b825fd77dfa50#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8R387). I do not know whether this is appropriate. The chosen value is the lowest possible, which I obtained empirically on my laptop. [IO-161](https://issues.apache.org/jira/browse/IO-161) introduced heap size limit, and it has remained unchanged since then. But the reasons for this (and why `25M` was chosen) are not clear to me. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 525244) Time Spent: 40m (was: 0.5h) > ByteArrayOutputStream can overflow > ---------------------------------- > > Key: IO-429 > URL: https://issues.apache.org/jira/browse/IO-429 > Project: Commons IO > Issue Type: Bug > Components: Utilities > Reporter: Fabian Lange > Priority: Major > Time Spent: 40m > Remaining Estimate: 0h > > There are many places involved in the problem, and a good fix might be > problematic performance wise. > For example: > IOUtils.toByteArray(InputStream input) invoked with a Stream which feeds more > than Integer.MAX_VALUE bytes will either crash with > NegativeArraySizeException or maybe worse overflow in such a way that it > returns fine (but only with partial data) > The ByteArrayOutputStream will happily consume the full stream but "int > count" will overflow. At some point then toByteArray is invoked which will do > like new byte[count]. > maybe "needNewBuffer" can throw the IllegalArgumentException, as it gets the > count and could check for the overflow. -- This message was sent by Atlassian Jira (v8.3.4#803005)