  1. Santuario
  2. SANTUARIO-334

UnsyncByteArrayOutputStream hangs on messages larger than 512 MB


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Java 1.5.2
    • Java 1.4.8, Java 1.5.3
    • Java
    • Security Level: Public (Public issues, viewable by everyone)
    • None
    • Windows 7

    Description

      If we check the signature of a message larger than 512 MB, the method expandSize(int newPos) of class org.apache.xml.security.utils.UnsyncByteArrayOutputStream goes into an endless loop, i.e. it hangs.
      The following lines show the endless loop:

          while (newPos > newSize) {
              newSize = newSize << 2;
          }

      Initially the size is 8 KB, and after several bit shifts by 2 (equal to multiplication by 4) the size is 512 MB. If 512 MB is multiplied by 4, an overflow occurs: 512*1024*1024 << 2 = -2147483648, which is Integer.MIN_VALUE.
      One solution would be to change the used types from int to long.

      If we stay with datatype int, we could improve the implementation:

          while (newPos > newSize) {
              newSize = (newSize < (512*1024*1024)) ? (newSize << 2) : Integer.MAX_VALUE;
          }

      This would work with messages up to 2 GB. Messages greater than 2 GB would still fail.
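
The growth loop from the report, reproduced with an iteration cap so the hang becomes observable, next to an overflow-safe variant that does the doubling in long arithmetic. This is an added example, not Santuario's code or the fix that was committed; the class name ExpandSizeDemo and the methods reportedLoop and safeGrow are hypothetical.

```java
public class ExpandSizeDemo {
    static final int INITIAL_SIZE = 8 * 1024; // 8 KB, the initial size named in the report

    // The loop from the report, bounded by maxIterations so the demo terminates.
    // Returns the number of shifts needed, or -1 if the cap was reached,
    // which corresponds to the endless loop in the unbounded original.
    static int reportedLoop(int newPos, int maxIterations) {
        int newSize = INITIAL_SIZE;
        for (int i = 0; i < maxIterations; i++) {
            if (!(newPos > newSize)) {
                return i;
            }
            // At 512 MB (2^29) this shift wraps to Integer.MIN_VALUE; the next
            // shift yields 0, and 0 << 2 stays 0, so the condition never clears.
            newSize = newSize << 2;
        }
        return -1;
    }

    // Overflow-safe growth: shift in long, then clamp to the int range.
    // Assumption: a negative newPos means the caller's own arithmetic wrapped.
    static int safeGrow(int newPos) {
        if (newPos < 0) {
            throw new IllegalArgumentException("position overflowed int range");
        }
        long newSize = INITIAL_SIZE;
        while (newPos > newSize) {
            newSize <<= 2; // cannot wrap: newPos is at most 2^31 - 1
        }
        // Some JVMs refuse arrays of exactly Integer.MAX_VALUE elements,
        // so a real buffer may need a slightly lower ceiling.
        return (int) Math.min(newSize, Integer.MAX_VALUE);
    }

    public static void main(String[] args) {
        int small = 100 * 1024 * 1024;     // 100 MB message
        int large = 512 * 1024 * 1024 + 1; // one byte over 512 MB
        System.out.println("reported loop, 100 MB: " + reportedLoop(small, 64));
        System.out.println("reported loop, >512 MB: " + reportedLoop(large, 64));
        System.out.println("safe growth, >512 MB: " + safeGrow(large));
    }
}
```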


          People

            coheigea Colm O hEigeartaigh
            oberapache Torsten Keim