[security-dev 00951]: Re: code review request 6853793: OutOfMemoryError in sun.security.provider.certpath.OCSPChecker.check

Max (Weijun) Wang Weijun.Wang at Sun.COM
Thu Jul 2 11:05:08 UTC 2009


Webrev looks fine.

>>> no new regression test, trivial changes, hard to write a new test.
>>

This code change is very trivial. But, is there any test for OCSP and  
HTTP timestamping? I think with Michael's HttpServer class in JDK 6,  
maybe you can see if it's easy to add one or two tests.

Thanks
Max

On Jul 2, 2009, at 6:39 PM, Xuelei Fan wrote:

> Much better! The webrev updated.
>
> Thanks,
> Xuelei
>
> Weijun Wang wrote:
>> I understand what the code means. It either reads contentLength  
>> bytes of
>> data, or, if it's -1, reads until EOF.
>>
>> However, I guess it would look simpler if you use only one  
>> while(read):
>>
>>  if (contentLength == -1) {
>>     resp = new byte[contentLength];
>>  } else {
>>     resp = new byte[2048];
>>     contentLength = Integer.MAX_VALUE;
>>  }
>>  while (total < contentLength) {
>>     count = in.read(resp, total, resp.len-total)
>>     if (count < 0) break;
>>     total += count;
>>     if (total almost exceeds resp len) {
>>         resp = Arrays.copyOf(resp, resp.len*2);
>>     }
>>  }
>>
>> Also, I guess the response should be truncated back to total after  
>> the
>> reading is complete.
>>
>>  response = Arrays.copyOf(response, total);
>>
>> Thanks
>> Max
>>
>> Xuelei Fan wrote:
>>
>>> Hi,
>>>
>>> bug desc: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6853793
>>> webrv: http://cr.openjdk.java.net/~xuelei/6853793/webrev/
>>>
>>> no new regression test, trivial changes, hard to write a new test.
>>>
>>> Thanks,
>>> Xuelei
>>>
>




More information about the security-dev mailing list