Posted to issues@activemq.apache.org by "Konstantinos Pistopoulos (JIRA)" <ji...@apache.org> on 2017/02/10 14:51:41 UTC
[jira] [Updated] (AMQ-6596) Out Of Memory error reported on ActiveMQ client during openwire unmarshalling
[ https://issues.apache.org/jira/browse/AMQ-6596?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Konstantinos Pistopoulos updated AMQ-6596:
------------------------------------------
Attachment: packet.raw
Please find attached the packet that was responsible for this behavior (packet.raw).
> Out Of Memory error reported on ActiveMQ client during openwire unmarshalling
> -----------------------------------------------------------------------------
>
> Key: AMQ-6596
> URL: https://issues.apache.org/jira/browse/AMQ-6596
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker, JMS client, Transport
> Affects Versions: 5.13.0, 5.13.5, 5.14.3
> Environment: SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 3
> Reporter: Konstantinos Pistopoulos
> Attachments: packet.raw
>
>
> ActiveMQ crashes during a vulnerability scan using the Qualys vulnerability scanner.
> {code}
> 2017-02-10 14:30:18,631 [0.1:55345@61616] WARN Transport - Transport Connection to: tcp://127.0.0.1:55345 failed: java.io.IOException: Unexpected error occurred: java.lang.OutOfMemoryError: Java heap space
> {code}
> This OOM error is caused by an attempt to initialize a huge byte array of 2131230728 bytes. The problem still occurs even if we set the maxFrameSize to 100MB.
> It seems that the first comparison with the maxFrameSize is successful (method unmarshal), but in the later evaluation of dataIn.readInt() in method looseUnmarshalByteSequence, a huge value is evaluated (2131230728 bytes).
> {code}
> @Override
> public Object unmarshal(DataInput dis) throws IOException {
>     DataInput dataIn = dis;
>     if (!sizePrefixDisabled) {
>         int size = dis.readInt();
>         if (size > maxFrameSize) {
>             throw IOExceptionSupport.createFrameSizeException(size, maxFrameSize);
>         }
>         // int size = dis.readInt();
>         // byte[] data = new byte[size];
>         // dis.readFully(data);
>         // bytesIn.restart(data);
>         // dataIn = bytesIn;
>     }
>     return doUnmarshal(dataIn);
> }
> {code}
> {code}
> protected ByteSequence looseUnmarshalByteSequence(DataInput dataIn) throws IOException {
>     ByteSequence rc = null;
>     if (dataIn.readBoolean()) {
>         int size = dataIn.readInt();
>         byte[] t = new byte[size];
>         dataIn.readFully(t);
>         rc = new ByteSequence(t, 0, size);
>     }
>     return rc;
> }
> {code}
> Relevant parts of the thread dump can be found below:
> {code}
> WARNING : OutOfMemoryError possibly caused by 2131230728 bytes requested for object of class 081A5700 from memory space 'Flat' id=080B1898
> {code}
> {code}
> Thread Name
> ActiveMQ Transport: tcp:///10.4.240.10:55345@61616
> State
> Runnable
> Java Stack
> at org/apache/activemq/openwire/v12/BaseDataStreamMarshaller.looseUnmarshalByteSequence(BaseDataStreamMarshaller.java:638)
> at org/apache/activemq/openwire/v12/WireFormatInfoMarshaller.looseUnmarshal(WireFormatInfoMarshaller.java:132)
> at org/apache/activemq/openwire/OpenWireFormat.doUnmarshal(OpenWireFormat.java:367(Compiled Code))
> at org/apache/activemq/openwire/OpenWireFormat.unmarshal(OpenWireFormat.java:278(Compiled Code))
> at org/apache/activemq/transport/tcp/TcpTransport.readCommand(TcpTransport.java:240(Compiled Code))
> at org/apache/activemq/transport/tcp/TcpTransport.doRun(TcpTransport.java:232(Compiled Code))
> at org/apache/activemq/transport/tcp/TcpTransport.run(TcpTransport.java:215)
> at java/lang/Thread.run(Thread.java:863)
> {code}
> The definition of the transportConnector without the definition of the maxFrameSize is the following:
> {code}
> <transportConnectors>
>     <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
> </transportConnectors>
> {code}
> The definition of the transportConnector after the definition of the maxFrameSize:
> {code}
> <transportConnectors>
>     <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?wireFormat.maxFrameSize=104857600"/>
> </transportConnectors>
> {code}
> We have reproduced this with versions 5.13.0, 5.13.5 and 5.14.3 but this problem is probably related to other versions too.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
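
The report above describes a frame whose outer size passes the maxFrameSize check while a nested length field still drives the allocation. As an added example (not ActiveMQ's code and not the project's fix), the following Java program bounds the nested length by the bytes left in the enclosing frame before allocating; the class and method names and the 13-byte frame body are constructed for illustration and do not reproduce packet.raw or the full OpenWire layout.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;

// Added illustration, not ActiveMQ code; class and method names are hypothetical.
public class BoundedByteSequenceReader {

    // Reads an optional length-prefixed byte sequence. 'remaining' is the number
    // of bytes of the enclosing frame that have not been consumed yet.
    static byte[] readBounded(DataInputStream in, int remaining) throws IOException {
        if (remaining < 1) throw new IOException("frame exhausted before presence flag");
        if (!in.readBoolean()) return null;            // field absent
        if (remaining < 5) throw new IOException("frame exhausted before length field");
        int size = in.readInt();
        int budget = remaining - 5;                    // flag (1) + length (4) consumed
        if (size < 0 || size > budget) {
            throw new IOException("nested length " + size + " exceeds " + budget
                    + " bytes left in frame");
        }
        byte[] data = new byte[size];                  // allocation bounded by frame size
        in.readFully(data);
        return data;
    }

    // Builds a constructed frame body: presence flag, declared length, payload.
    static byte[] body(int declaredLength, byte[] payload) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeBoolean(true);
        out.writeInt(declaredLength);
        out.write(payload);
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] payload = {1, 2, 3, 4, 5, 6, 7, 8};
        // Both bodies are 13 bytes, so both pass an outer maxFrameSize check.
        byte[][] samples = { body(payload.length, payload), body(2131230728, payload) };
        for (byte[] frame : samples) {
            DataInputStream in = new DataInputStream(new ByteArrayInputStream(frame));
            try {
                System.out.println("accepted " + readBounded(in, frame.length).length + " bytes");
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```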