[security-dev 01643]: Re: Code review request: 6880321 sun.security.provider.JavaKeyStore abuse of OOM Exception handling

Max (Weijun) Wang Weijun.Wang at Sun.COM
Thu Feb 25 22:09:15 PST 2010

Hi Florian and Andrew

I've created a new webrev for this bug:


This time I use the new IOUtils.readFully() method to read the stream. This method has an internal buffer that grows as more data comes in, and throws an EOFException (which is a child of IOException) when there are not enough bytes. I also use a temporary List to hold the certificate list.


On Sep 22, 2009, at 6:10 PM, Xuelei Fan wrote:

> Max (Weijun) Wang wrote:
>> On Sep 22, 2009, at 4:09 PM, Florian Weimer wrote:
>>> * Max Wang:
>>>> Please take a review on this code change:
>>>>   http://cr.openjdk.java.net/~weijun/6880321/webrev.00/
>>> This code is still unreliable.  You cannot hide OutOfMemoryError this
>>> way.  The error could even be thrown in a completely unrelated thread.
>>> There is no really good way to deal with this type of resource
>>> exhaustion.  To deal with corrupted files, it is sufficient to grow
>>> arrays as the file is read, so you will hit the end of the file before
>>> the OOM error occurs.
>> This sounds better.
> Sounds better to me also.
> Andrew
>> Thanks
>> Max
>>> -- 
>>> Florian Weimer                <fweimer at bfk.de>
>>> BFK edv-consulting GmbH       http://www.bfk.de/
>>> Kriegsstraße 100              tel: +49-721-96201-1
>>> D-76133 Karlsruhe             fax: +49-721-96201-99
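
The approach suggested in the thread (grow the buffer as the stream is read, so a corrupted length field hits end-of-file before memory is exhausted), shown as an added Java example. It is not code from the webrev or the JDK; the names GrowingRead and readExactly and the sample bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class GrowingRead {
    private static final int CHUNK = 8192;

    // Hypothetical helper: reads exactly `length` bytes, allocating only as
    // data actually arrives instead of trusting the length field up front.
    static byte[] readExactly(InputStream in, int length) throws IOException {
        if (length < 0) {
            throw new IOException("negative length field: " + length);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream(Math.min(length, CHUNK));
        byte[] chunk = new byte[CHUNK];
        int remaining = length;
        while (remaining > 0) {
            int n = in.read(chunk, 0, Math.min(remaining, CHUNK));
            if (n < 0) {
                // Truncated or corrupted input: fail with an IOException
                // subclass rather than relying on OutOfMemoryError.
                throw new EOFException("stream ended with " + remaining
                        + " of " + length + " bytes still missing");
            }
            out.write(chunk, 0, n);
            remaining -= n;
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: length field claims about 2 GiB, 4 bytes follow.
        byte[] corrupted = {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xf0, 1, 2, 3, 4};
        DataInputStream dis = new DataInputStream(new ByteArrayInputStream(corrupted));
        int claimed = dis.readInt();
        // A naive reader would call new byte[claimed] here and allocate it all at once.
        try {
            readExactly(dis, claimed);
        } catch (EOFException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Constructed well-formed record: length 3, then 3 bytes.
        dis = new DataInputStream(new ByteArrayInputStream(new byte[] {0, 0, 0, 3, 10, 20, 30}));
        System.out.println(readExactly(dis, dis.readInt()).length + " bytes read");
    }
}
```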
