RFR: 8328919: Add BodyHandlers / BodySubscribers methods to handle excessive server input [v5]
Jaikiran Pai
jpai at openjdk.org
Wed Jan 15 14:50:41 UTC 2025
On Wed, 15 Jan 2025 10:50:55 GMT, Volkan Yazıcı <duke at openjdk.org> wrote:
>> Adds `limiting()` factory methods to `HttpResponse.Body{Handlers,Subscribers}` to handle excessive server input in `HttpClient`. I would appreciate your input whether `discardExcess` should be kept or dropped. I plan to file a CSR once there is an agreement on the PR.
>
> Volkan Yazıcı has updated the pull request incrementally with one additional commit since the last revision:
>
> Remove concurrency measures (methods are accessed serially due to the Reactive Streams spec)
src/java.net.http/share/classes/jdk/internal/net/http/LimitingSubscriber.java line 118:
> 116: private boolean allocateLength(List<ByteBuffer> buffers) {
> 117: long bufferLength = buffers.stream().mapToLong(Buffer::remaining).sum();
> 118: long nextLength = Math.addExact(length, bufferLength);
`Math.addExact` throws a `ArithmeticException` if there's an overflow during the addition. In its current form, this code can end up propagating the exception from here. Instead we should add a try/catch block to catch it and return false (implying the capacity has exceeded).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23096#discussion_r1916789822
More information about the net-dev
mailing list