[security-dev 01643]: Re: Code review request: 6880321 sun.security.provider.JavaKeyStore abuse of OOM Exception handling

Max (Weijun) Wang Weijun.Wang at Sun.COM
Fri Feb 26 06:09:15 UTC 2010


Hi Florian and Andrew

I've created a new webrev for this bug:

    http://cr.openjdk.java.net/~weijun/6880321/webrev.01

This time I use the new IOUtils.readFully() method to read the stream. This method has an internal buffer that grows when more data come, and throws an EOFException (which is a child of IOException) when there're not enough bytes. I also use a temporary List to hold the certificate list.

Thanks
Max

On Sep 22, 2009, at 6:10 PM, Xuelei Fan wrote:

> Max (Weijun) Wang wrote:
>> 
>> On Sep 22, 2009, at 4:09 PM, Florian Weimer wrote:
>> 
>>> * Max Wang:
>>> 
>>>> Please take a review on this code change:
>>>> 
>>>>   http://cr.openjdk.java.net/~weijun/6880321/webrev.00/
>>> 
>>> This code is still unreliable.  You cannot hide OutOfMemoryError this
>>> way.  The error could even be thrown in a completely unrelated thread.
>>> 
>>> There is no really good way to deal with this type of resource
>>> exhaustation.  To deal with corrupted files, it is sufficient to grow
>>> arrays as the file is read, so you will hit the end of the file before
>>> the OOM error occurs.
>> 
>> This sounds better.
> Sounds better to me also.
> 
> Andrew
>> 
>> Thanks
>> Max
>> 
>>> 
>>> -- 
>>> Florian Weimer                <fweimer at bfk.de>
>>> BFK edv-consulting GmbH       http://www.bfk.de/
>>> Kriegsstraße 100              tel: +49-721-96201-1
>>> D-76133 Karlsruhe             fax: +49-721-96201-99
>> 
> 




More information about the security-dev mailing list