]
Brian Stansberry commented on WFCORE-464:
-----------------------------------------
is something I did on
this quite a while ago, but I have no time to develop tests of this, and this would need
considerable testing to make the change amount to a net reduction in risk.
ProcessController's BufferedReader.readLine() usage allows
unbounded memory usage
---------------------------------------------------------------------------------
Key: WFCORE-464
URL:
https://issues.jboss.org/browse/WFCORE-464
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Affects Versions: 1.0.0.Alpha14
Reporter: James Livingston
Assignee: Brian Stansberry
org.jboss.as.process.ManagedProcess$ReadTask.run() uses readLine() to read a line of
output from the manage process' standard output/error streams, which cause the whole
line to be loaded into memory.
Badly written applications may dump excessive amounts of data out in a single line, which
would cause the process controller to temporarily use a large amount of memory to process
it, potentially leading to an OutOfMemoryError. Practically speaking, with the default
-Xmx512m it would require around 128 million characters in a single line to trigger, which
is obviously very high.
Were an OOME to occur, it would almost certainly cause the stream to be closed, and
"IOException: Broken pipe" exceptions to occur in the child process, which for
WildFly would be caught an ignored by JBoss Logging. A hostile managed process exploiting
this would be almost impossible.
A reasonable solution would probably be to limit size of the buffer read, causing it to
split lines over a certain size (a few megabytes?). That would not likely cause any
practical problems.