You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Jesse Glick (JIRA)" <ji...@codehaus.org> on 2011/05/04 17:24:37 UTC
[jira] Created: (MINDEXER-28) OOME when fed garbage
OOME when fed garbage
---------------------
Key: MINDEXER-28
URL: http://jira.codehaus.org/browse/MINDEXER-28
Project: Maven Indexer
Issue Type: Bug
Affects Versions: 4.0.0
Environment: JDK 6u24 on Ubuntu x86
Reporter: Jesse Glick
Priority: Minor
See http://netbeans.org/bugzilla/show_bug.cgi?id=197988#c1 for background. Without the fix of MINDEXER-20 in place, the indexer will throw an {{OutOfMemoryError}} when given http://www.jasperforge.org/maven2/.index/ since that site serves junk HTML with a 200 HTTP status.
Since the code allocates an array whose length is a 32-bit int taken from an unverified source, it would be best to somehow handle the case that a random large number is read and an OOME is thrown - perhaps rethrowing as an {{IOException}}.
MINDEXER-20 should prevent the bug precondition from being triggered nearly as often, but the input could randomly happen to begin with 0x01.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MINDEXER-28) OOME when fed garbage
Posted by "Jesse Glick (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MINDEXER-28?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=269816#action_269816 ]
Jesse Glick commented on MINDEXER-28:
-------------------------------------
Looks right to me.
> OOME when fed garbage
> ---------------------
>
> Key: MINDEXER-28
> URL: http://jira.codehaus.org/browse/MINDEXER-28
> Project: Maven Indexer
> Issue Type: Bug
> Affects Versions: 4.0.0
> Environment: JDK 6u24 on Ubuntu x86
> Reporter: Jesse Glick
> Priority: Minor
>
> See http://netbeans.org/bugzilla/show_bug.cgi?id=197988#c1 for background. Without the fix of MINDEXER-20 in place, the indexer will throw an {{OutOfMemoryError}} when given http://www.jasperforge.org/maven2/.index/ since that site serves junk HTML with a 200 HTTP status.
> Since the code allocates an array whose length is a 32-bit int taken from an unverified source, it would be best to somehow handle the case that a random large number is read and an OOME is thrown - perhaps rethrowing as an {{IOException}}.
> MINDEXER-20 should prevent the bug precondition from being triggered nearly as often, but the input could randomly happen to begin with 0x01.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MINDEXER-28) OOME when fed garbage
Posted by "Tamás Cservenák (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MINDEXER-28?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tamás Cservenák closed MINDEXER-28.
-----------------------------------
Resolution: Fixed
Fix Version/s: 4.1.1
> OOME when fed garbage
> ---------------------
>
> Key: MINDEXER-28
> URL: http://jira.codehaus.org/browse/MINDEXER-28
> Project: Maven Indexer
> Issue Type: Bug
> Affects Versions: 4.0.0
> Environment: JDK 6u24 on Ubuntu x86
> Reporter: Jesse Glick
> Priority: Minor
> Fix For: 4.1.1
>
>
> See http://netbeans.org/bugzilla/show_bug.cgi?id=197988#c1 for background. Without the fix of MINDEXER-20 in place, the indexer will throw an {{OutOfMemoryError}} when given http://www.jasperforge.org/maven2/.index/ since that site serves junk HTML with a 200 HTTP status.
> Since the code allocates an array whose length is a 32-bit int taken from an unverified source, it would be best to somehow handle the case that a random large number is read and an OOME is thrown - perhaps rethrowing as an {{IOException}}.
> MINDEXER-20 should prevent the bug precondition from being triggered nearly as often, but the input could randomly happen to begin with 0x01.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MINDEXER-28) OOME when fed garbage
Posted by "Tamás Cservenák (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MINDEXER-28?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=269814#action_269814 ]
Tamás Cservenák commented on MINDEXER-28:
-----------------------------------------
Added to IndexDataReader.readUtf() to make code more robust to junk inputs:
{noformat}
byte[] bytearr;
char[] chararr;
try
{
bytearr = new byte[utflen];
chararr = new char[utflen];
}
catch ( OutOfMemoryError e )
{
final IOException ex =
new IOException(
"Index data content is inappropriate (is junk?), leads to OutOfMemoryError! See MINDEXER-28 for more information!" );
e.initCause( e );
throw ex;
}
{noformat}
> OOME when fed garbage
> ---------------------
>
> Key: MINDEXER-28
> URL: http://jira.codehaus.org/browse/MINDEXER-28
> Project: Maven Indexer
> Issue Type: Bug
> Affects Versions: 4.0.0
> Environment: JDK 6u24 on Ubuntu x86
> Reporter: Jesse Glick
> Priority: Minor
>
> See http://netbeans.org/bugzilla/show_bug.cgi?id=197988#c1 for background. Without the fix of MINDEXER-20 in place, the indexer will throw an {{OutOfMemoryError}} when given http://www.jasperforge.org/maven2/.index/ since that site serves junk HTML with a 200 HTTP status.
> Since the code allocates an array whose length is a 32-bit int taken from an unverified source, it would be best to somehow handle the case that a random large number is read and an OOME is thrown - perhaps rethrowing as an {{IOException}}.
> MINDEXER-20 should prevent the bug precondition from being triggered nearly as often, but the input could randomly happen to begin with 0x01.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MINDEXER-28) OOME when fed garbage
Posted by "Tamás Cservenák (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MINDEXER-28?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=269822#action_269822 ]
Tamás Cservenák commented on MINDEXER-28:
-----------------------------------------
oops: ex.initCause(e), not like above.... fixed in code too.
> OOME when fed garbage
> ---------------------
>
> Key: MINDEXER-28
> URL: http://jira.codehaus.org/browse/MINDEXER-28
> Project: Maven Indexer
> Issue Type: Bug
> Affects Versions: 4.0.0
> Environment: JDK 6u24 on Ubuntu x86
> Reporter: Jesse Glick
> Priority: Minor
> Fix For: 4.1.1
>
>
> See http://netbeans.org/bugzilla/show_bug.cgi?id=197988#c1 for background. Without the fix of MINDEXER-20 in place, the indexer will throw an {{OutOfMemoryError}} when given http://www.jasperforge.org/maven2/.index/ since that site serves junk HTML with a 200 HTTP status.
> Since the code allocates an array whose length is a 32-bit int taken from an unverified source, it would be best to somehow handle the case that a random large number is read and an OOME is thrown - perhaps rethrowing as an {{IOException}}.
> MINDEXER-20 should prevent the bug precondition from being triggered nearly as often, but the input could randomly happen to begin with 0x01.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira