[
http://jira.codehaus.org/browse/MINDEXER-28?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=269814#action_269814
]
Tamás Cservenák commented on MINDEXER-28:
-----------------------------------------
Added to IndexDataReader.readUtf() to make code more robust to junk inputs:
{noformat}
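// Both arrays are sized by utflen, which is read from the (untrusted) index data.
byte[] bytearr;
char[] chararr;
try
{
    bytearr = new byte[utflen];
    chararr = new char[utflen];
}
catch ( OutOfMemoryError e )
{
    // Junk input can yield a huge utflen; report it as an I/O problem instead.
    final IOException ex =
        new IOException(
            "Index data content is inappropriate (is junk?), leads to OutOfMemoryError! See MINDEXER-28 for more information!" );
    // Attach the OutOfMemoryError as the cause of the new exception.
    ex.initCause( e );
    throw ex;
}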
{noformat}
> OOME when fed garbage
> ---------------------
>
> Key: MINDEXER-28
> URL: http://jira.codehaus.org/browse/MINDEXER-28
> Project: Maven Indexer
> Issue Type: Bug
> Affects Versions: 4.0.0
> Environment: JDK 6u24 on Ubuntu x86
> Reporter: Jesse Glick
> Priority: Minor
>
> See http://netbeans.org/bugzilla/show_bug.cgi?id=197988#c1 for background.
> Without the fix of MINDEXER-20 in place, the indexer will throw an
> {{OutOfMemoryError}} when given http://www.jasperforge.org/maven2/.index/
> since that site serves junk HTML with a 200 HTTP status.
> Since the code allocates an array whose length is a 32-bit int taken from an
> unverified source, it would be best to somehow handle the case that a random
> large number is read and an OOME is thrown - perhaps rethrowing as an
> {{IOException}}.
> MINDEXER-20 should prevent the bug precondition from being triggered nearly
> as often, but the input could randomly happen to begin with 0x01.
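An added example, not Maven Indexer code and not part of the original message: a length-prefixed string reader that validates the 32-bit length from the issue description before allocating, so junk input is rejected as an IOException without relying on an OutOfMemoryError being thrown. The class name, the MAX_UTF_LEN cap, the `remaining` parameter, the plain UTF-8 decoding and the sample bytes are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Hypothetical class for illustration; not part of Maven Indexer.
public class BoundedStringReader {
    // Assumed upper bound for one string field; tune to the real format.
    static final int MAX_UTF_LEN = 1 << 20;

    // Reads a 32-bit length prefix, then that many bytes. 'remaining' is the
    // number of input bytes left before the prefix (assumed known here).
    static String readBoundedUtf(DataInputStream in, long remaining) throws IOException {
        int utflen = in.readInt();
        // Reject negative lengths, lengths above the cap, and lengths that
        // exceed what the input can still supply after the 4-byte prefix.
        if (utflen < 0 || utflen > MAX_UTF_LEN || utflen > remaining - 4) {
            throw new IOException(
                "Implausible string length " + utflen + "; input is probably not index data");
        }
        byte[] bytearr = new byte[utflen];
        in.readFully(bytearr); // throws EOFException (an IOException) if truncated
        // Simplification: plain UTF-8, not the modified UTF-8 of DataInput.
        return new String(bytearr, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a well-formed record and the start of an HTML page,
        // whose first four bytes "<!DO" decode to a length of about one billion.
        byte[] good = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
        byte[] junk = "<!DOCTYPE html><html>".getBytes(StandardCharsets.US_ASCII);
        for (byte[] sample : new byte[][] {good, junk}) {
            try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(sample))) {
                System.out.println("ok: " + readBoundedUtf(in, sample.length));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```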