You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/11/22 09:56:52 UTC
DO NOT REPLY [Bug 14760] New: -
Array overflow exception in InternalOutputBuffer
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14760>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14760
Array overflow exception in InternalOutputBuffer
Summary: Array overflow exception in InternalOutputBuffer
Product: Tomcat 4
Version: 4.1.12
Platform: Sun
OS/Version: Solaris
Status: UNCONFIRMED
Severity: Major
Priority: Other
Component: Connector:Coyote HTTP/1.1
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: tcbug@hippoit.co.uk
Overview:
Variable 'buf' in org.apache.coyote.http11.InternalOutputBuffer can overflow in
the write method.
Steps to Reproduce:
Unsure, appears eventually under medium load on our web-app. Continually hitting
tomcat with requests which produce a lot of output data will eventually trigger it.
Notes:
I added some extra logging into InternalOutputBuffer to see what the contents of
the 'buf' array were and at the point it overflows it appears to have multiple
sets of response headers as below:
--- snip ---
HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Transfer-Encoding: chunked
Date: Thu, 21 Nov 2002 12:02:39 GMT
Server: Apache Coyote/1.0
HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Transfer-Encoding: chunked
Date: Thu, 21 Nov 2002 12:02:39 GMT
Server: Apache Coyote/1.0
Transfer-Encoding: chunked
Date: Thu, 21 Nov 2002 12:02:39 GMT
Server: Apache Coyote/1.0
HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Transfer-Encoding: chunked
Date: Thu, 21 Nov 2002 12:02:39 GMT
Server: Apache Coyote/1.0
Transfer-Encoding: chunked
Date: Thu, 21 Nov 2002 12:02:39 GMT
--- snip ---
The buffer contains 32k worth of this stuff repeated at the point at which it
overflows.
The exception occurs due to the array index 'pos' being incremented without a
range check to ensure that it's not going past the end of 'buf' but I'm assuming
that the root problem is the fact that it's filling up at all rather than the
lack of range checking.
Stack Trace:
java.lang.ArrayIndexOutOfBoundsException
at
org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:615)
at
org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:407)
at
org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:901)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:471)
at org.apache.coyote.Response.action(Response.java:214)
at
org.apache.coyote.http11.InternalOutputBuffer.doWrite(InternalOutputBuffer.java:516)
at org.apache.coyote.Response.doWrite(Response.java:513)
at org.apache.coyote.tomcat4.OutputBuffer.realWriteBytes(OutputBuffer.java:380)
at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:360)
at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:338)
at org.apache.tomcat.util.buf.IntermediateOutputStream.write(C2BConverter.java:273)
at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:334)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:403)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:407)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:150)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at org.apache.tomcat.util.buf.WriteConvertor.flush(C2BConverter.java:222)
at org.apache.tomcat.util.buf.C2BConverter.flushBuffer(C2BConverter.java:165)
at org.apache.coyote.tomcat4.OutputBuffer.realWriteChars(OutputBuffer.java:576)
at org.apache.tomcat.util.buf.CharChunk.flushBuffer(CharChunk.java:388)
at org.apache.coyote.tomcat4.OutputBuffer.flush(OutputBuffer.java:340)
at java.io.PrintWriter.flush(PrintWriter.java:120)
at org.apache.coyote.tomcat4.CoyoteWriter.flush(CoyoteWriter.java:97)
at org.apache.catalina.valves.ErrorReportValve.report(ErrorReportValve.java:366)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:205)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
at java.lang.Thread.run(Thread.java:536)
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>