RFR: 8328919: Add BodyHandlers / BodySubscribers methods to handle excessive server input [v5]

[Volkan Yazıcı]

On Wed, 15 Jan 2025 14:57:09 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> src/java.net.http/share/classes/java/net/http/HttpResponse.java line 758:
>> 
>>> 756:          * <p>
>>> 757:          * If the number of bytes received exceeds the maximum number of bytes
>>> 758:          * desired as indicated by the given {@code capacity},
>> 
>> Should we consider simplifying this sentence to "If the number of bytes received exceeds the given {@code capacity}, ..."?
>
> Good suggestion.

Fixed in 23f79a20476f784058801454a28d37f37df92982.

>> src/java.net.http/share/classes/jdk/internal/net/http/LimitingSubscriber.java line 118:
>> 
>>> 116:     private boolean allocateLength(List<ByteBuffer> buffers) {
>>> 117:         long bufferLength = buffers.stream().mapToLong(Buffer::remaining).sum();
>>> 118:         long nextLength = Math.addExact(length, bufferLength);
>> 
>> `Math.addExact` throws a `ArithmeticException` if there's an overflow during the addition. In its current form, this code can end up propagating the exception from here. Instead we should add a try/catch block to catch it and return false (implying the capacity has exceeded).
>
> Good catch!

Fixed in 23f79a20476f784058801454a28d37f37df92982.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23096#discussion_r1918020426
PR Review Comment: https://git.openjdk.org/jdk/pull/23096#discussion_r1918049327