[jboss-jira] [JBoss JIRA] (WFCORE-464) ProcessController's BufferedReader.readLine() usage allows unbounded memory usage

Brian Stansberry (JIRA) issues at jboss.org
Tue Dec 23 20:57:29 EST 2014 

    [ https://issues.jboss.org/browse/WFCORE-464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13029501#comment-13029501 ] 

Brian Stansberry commented on WFCORE-464:
-----------------------------------------

https://github.com/bstansberry/wildfly-core/compare/limit-readLine is something I did on this quite a while ago, but I have no time to develop tests of this, and this would need considerable testing to make the change amount to a net reduction in risk.

> ProcessController's BufferedReader.readLine() usage allows unbounded memory usage
> ---------------------------------------------------------------------------------
>
>                 Key: WFCORE-464
>                 URL: https://issues.jboss.org/browse/WFCORE-464
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 1.0.0.Alpha14
>            Reporter: James Livingston
>            Assignee: Brian Stansberry
>
> org.jboss.as.process.ManagedProcess$ReadTask.run() uses readLine() to read a line of output from the manage process' standard output/error streams, which cause the whole line to be loaded into memory.
> Badly written applications may dump excessive amounts of data out in a single line, which would cause the process controller to temporarily use a large amount of memory to process it, potentially leading to an OutOfMemoryError. Practically speaking, with the default -Xmx512m it would require around 128 million characters in a single line to trigger, which is obviously very high.
> Were an OOME to occur, it would almost certainly cause the stream to be closed, and "IOException: Broken pipe" exceptions to occur in the child process, which for WildFly would be caught an ignored by JBoss Logging. A hostile managed process exploiting this would be almost impossible.
> A reasonable solution would probably be to limit size of the buffer read, causing it to split lines over a certain size (a few megabytes?). That would not likely cause any practical problems.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

More information about the jboss-jira mailing list