[security-dev 01643]: Re: Code review request: 6880321 sun.security.provider.JavaKeyStore abuse of OOM Exception handling
Max (Weijun) Wang
Weijun.Wang at Sun.COM
Fri Feb 26 06:09:15 UTC 2010
Hi Florian and Andrew
I've created a new webrev for this bug:
http://cr.openjdk.java.net/~weijun/6880321/webrev.01
This time I use the new IOUtils.readFully() method to read the stream. This method has an internal buffer that grows when more data come, and throws an EOFException (which is a child of IOException) when there're not enough bytes. I also use a temporary List to hold the certificate list.
Thanks
Max
On Sep 22, 2009, at 6:10 PM, Xuelei Fan wrote:
> Max (Weijun) Wang wrote:
>>
>> On Sep 22, 2009, at 4:09 PM, Florian Weimer wrote:
>>
>>> * Max Wang:
>>>
>>>> Please take a review on this code change:
>>>>
>>>> http://cr.openjdk.java.net/~weijun/6880321/webrev.00/
>>>
>>> This code is still unreliable. You cannot hide OutOfMemoryError this
>>> way. The error could even be thrown in a completely unrelated thread.
>>>
>>> There is no really good way to deal with this type of resource
>>> exhaustation. To deal with corrupted files, it is sufficient to grow
>>> arrays as the file is read, so you will hit the end of the file before
>>> the OOM error occurs.
>>
>> This sounds better.
> Sounds better to me also.
>
> Andrew
>>
>> Thanks
>> Max
>>
>>>
>>> --
>>> Florian Weimer <fweimer at bfk.de>
>>> BFK edv-consulting GmbH http://www.bfk.de/
>>> Kriegsstraße 100 tel: +49-721-96201-1
>>> D-76133 Karlsruhe fax: +49-721-96201-99
>>
>
More information about the security-dev
mailing list