Bug 38346 - InputBuffer breaks request.readLine()
Summary: InputBuffer breaks request.readLine()
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 5.5.14
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
: 38836 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-01-21 21:35 UTC by Rainer Jung
Modified: 2011-10-25 09:07 UTC (History)
1 user (show)



Attachments
Patch for InputBuffer fixing 1) and 2) (688 bytes, patch)
2006-01-21 21:36 UTC, Rainer Jung
Details | Diff
Test JSP (1001 bytes, text/plain)
2006-01-21 21:37 UTC, Rainer Jung
Details
Test Client perl script (1.53 KB, text/plain)
2006-01-21 21:38 UTC, Rainer Jung
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Rainer Jung 2006-01-21 21:35:08 UTC
There are two bugs in

org.apache.catalina.connector.InputBuffer:

1) If you send a POST with 8K in the body then the optimizedWrite flag in
CharChunk prevents the input data from being read into the CharChunk. This only
happens at and after the second request on an input processor, because the
optimizedWrite flag ist being set to true when recycling the InputBuffer after
the first request.

2) After fixing that, you can more easily see another bug: realReadChars always
reads the full ByteChunk buffer size and then tries to convert it into the
CharChunk. There is a corner case, where CharChunk has a limit just a little too
small, to be able to do that. This is not about making CharChunk much bigger. I
can give more precise details, but the patch might be self-explaining (it is
very short).

I attach

- a patch
- a JSP and a perl script to easily reproduce the problem. Problem 1) can be
reprodiced by setting CHUNK in the script to 8192, problem 2 (after fixing 1) by
setting it slightly bigger than 8192, e.g. 8300.
Comment 1 Rainer Jung 2006-01-21 21:36:57 UTC
Created attachment 17478 [details]
Patch for InputBuffer fixing 1) and 2)
Comment 2 Rainer Jung 2006-01-21 21:37:38 UTC
Created attachment 17479 [details]
Test JSP

Test JSP to be called by the next attachment
Comment 3 Rainer Jung 2006-01-21 21:38:26 UTC
Created attachment 17480 [details]
Test Client perl script

Client side script which posts data to the test JSP to reproduce both bugs.
Comment 4 Rainer Jung 2006-01-21 21:39:04 UTC
By the way: the same problem (and the same fix) apply to the 5.0 branch.
Comment 5 Rainer Jung 2006-01-23 15:48:06 UTC
I was at our customers side today. The problem is always reproducible with the
ajp connector. On his system, I can not reproduce with HTTP connector. But from
the code in InputBuffer it's clear, that the occurence of the bug only depends
on the amount of data received on the socket, when the buffer loads new data.

I'm pretty confident, that the patch also fixes bugs 34829, 28959, 27447, and
24897. I know, that CoyoteReader/InputBuffer/(Byte|Char)Chunk are difficult to
understand and noone wants to touch them. But I instrumented the classes to
exactly find out what's happening, and if Remy (or whoever is willing to dig
into it) likes more explanation of the patch please ask.

At the customer's installation his problem was fixed with the patch.
Comment 6 william.barker 2006-01-24 05:22:25 UTC
(In reply to comment #5)
> I was at our customers side today. The problem is always reproducible with 
the
> ajp connector. On his system, I can not reproduce with HTTP connector. But 
from
> the code in InputBuffer it's clear, that the occurence of the bug only 
depends
> on the amount of data received on the socket, when the buffer loads new data.

By default, the HTTP connector only reads 4K at a time, so serendipitously 
this bug doesn't show itself.

The patch has been committed to the SVN trunk, and will appear in 5.5.16.

Comment 7 Mark Thomas 2007-06-01 19:09:31 UTC
*** Bug 38836 has been marked as a duplicate of this bug. ***
Comment 8 naani101 2011-10-25 06:49:15 UTC
thi issue still occurs with tomcat 5.5.28. Could you please let me know, how to apply this patch to 5.5.28?
Comment 9 Rainer Jung 2011-10-25 08:33:03 UTC
This is very unlikely the same problem.

Bugzilla is not a support form.
Please post your problem description to the Tomcat users list.

Regards,

Rainer
Comment 10 naani101 2011-10-25 09:02:16 UTC
Thanks for your response Jung. We have an environment using HTTP connector. The issue does not occur, other environment using AJP connector.

In code we are using
BufferedReader in = request.getReader();

When a request is sent on AJP connector environment, the above code reads only 8192 length, not whole.

But if a request is sent on HTTP connector environment, the same method reads whole data. do you have any idea.. Please help.

The Tomcat version same in the both of the environments above.
Comment 11 Rainer Jung 2011-10-25 09:07:46 UTC
Please discuss this on the Tomcat users list, see http://tomcat.apache.org/lists.html

Thank you.