You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Michael Pujos (JIRA)" <ji...@apache.org> on 2012/05/22 15:01:41 UTC
[jira] [Comment Edited] (HTTPCORE-263) IndexOutOfBoundsException
thrown in AbstractSessionInputBuffer.readLine()
[ https://issues.apache.org/jira/browse/HTTPCORE-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13280920#comment-13280920 ]
Michael Pujos edited comment on HTTPCORE-263 at 5/22/12 1:00 PM:
-----------------------------------------------------------------
I cannot easily make a test at the moment but producing a crafted request which result in the following situation when entering the function should trigger it:
this.buffer ...........|CR|LF|............
^
|
this.bufferpos
pos
Now it is probable this has gone unnoticed because http client code making regular http requests never put CR in requests (note sure about that, it is just a supposition).
Maybe it is of much higher occurence with UPnP stacks making http-like requests.
was (Author: bubbleguuum):
I cannot easily make a test at the moment but producing a crafted request which result in the following situation when entering the function should trigger it:
this.buffer ...........|CR|LF|............
^
|
this.bufferpos
pos
Now it is probable this has gone unnoticed because http client code making regular http requests never put CR in requests (note sure about that, it is just a supposition).
Maybe it is of much higher occurence with UPnP stacks making http-like requests.
> IndexOutOfBoundsException thrown in AbstractSessionInputBuffer.readLine()
> -------------------------------------------------------------------------
>
> Key: HTTPCORE-263
> URL: https://issues.apache.org/jira/browse/HTTPCORE-263
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore
> Affects Versions: 4.1.1
> Environment: reported on Android 2.3.3 using repackaged httpcore 4.1.1, optimized and obfuscated with Proguard
> Reporter: Michael Pujos
> Priority: Minor
> Fix For: 4.2.1
>
>
> I've got the exception below reported in my Android app using (repackaged) httpcore 4.1.1:
> java.lang.IndexOutOfBoundsException: off: 1088 len: -1 b.length: 8192
> at org.apache.http.util.CharArrayBuffer.append(SourceFile:185)
> at org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(SourceFile:251)
> at org.apache.http.impl.io.HttpRequestParser.parseHead(SourceFile:90)
> at org.apache.http.impl.io.AbstractMessageParser.parseHead(SourceFile:252)
> parse
> at org.apache.http.impl.AbstractHttpServerConnection.receiveRequestHeader(SourceFile:242)
> at org.apache.http.protocol.HttpService.handleRequest(SourceFile:238)
> at org.teleal.cling.transport.impl.apache.HttpServerConnectionUpnpStream.run(SourceFile:116)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1088)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:581)
> at java.lang.Thread.run(Thread.java:1019)
> It seems to be very rare. Stack trace line number (185) in AbstractSessionInputBuffer doesn't exaclty match the exact line number of the offending append() call (probably due to Proguard).
> However, there are 2 append() calls in readLine(), and it looks like one of them is called with len = -1, triggering the IndexOutOfBoundsException in append()
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org