Openbravo Issue Tracking System - Openbravo ERP |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0037135 | Openbravo ERP | A. Platform | public | 2017-10-20 13:54 | 2018-01-03 12:38 |
|
Reporter | alostale | |
Assigned To | alostale | |
Priority | urgent | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | |
Platform | | OS | 5 | OS Version | |
Product Version | | |
Target Version | | Fixed in Version | 3.0PR18Q1 | |
Merge Request Status | |
Review Assigned To | caristu |
OBNetwork customer | |
Web browser | |
Modules | Core |
Support ticket | |
Regression level | |
Regression date | |
Regression introduced in release | |
Regression introduced by commit | |
Triggers an Emergency Pack | No |
|
Summary | 0037135: OOM parsing corrupted JSON |
Description | When a corrupted JSON string is parsed to instantiate a JSONObject, an OOM Exception can be thrown.
Even though this is very unlikely to happen, because the string must be corrupted in a very particular manner, it can occur when data is sent from client to server.
This is an issue in the current version (1.3) of the jettison library, which is fixed in newer versions [1].
---
[1] https://github.com/jettison-json/jettison/commit/334f9ba080784b65da5 |
Steps To Reproduce | Cannot reproduce consistently in real life as a JSON string representation must be corrupted in a specific way.
Execute:
String corruptedJSON = "{\"data\":[{},";
new JSONObject(corruptedJSON);
You get:
java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Arrays.java:3210)
at java.util.Arrays.copyOf(Arrays.java:3181)
at java.util.ArrayList.grow(ArrayList.java:261)
at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
at java.util.ArrayList.add(ArrayList.java:458)
at org.codehaus.jettison.json.JSONArray.<init>(JSONArray.java:107)
at org.codehaus.jettison.json.JSONTokener.nextValue(JSONTokener.java:313)
at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:195)
at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:266)
at LoadJson.main(LoadJson.java:17)
|
Proposed Solution | Upgrade to the latest jettison version.
Review the following changesets [1], which might affect behavior.
---
[1] https://docs.google.com/spreadsheets/d/1ldZ2IL3s5f-BSHlqVSGxG1ecTSJK20jIxaQudgZIlX8/edit#gid=0
|
Additional Information | |
Tags | No tags attached. |
Relationships | related to | design defect | 0037151 | | acknowledged | Triage Platform Base | upgrade/replace JSON library |
related to | defect | 0037335 | | closed | caristu | The DBSourceManager test classpath references the old jettison library |
blocks | defect | 0052255 | | closed | kousalya_r | Request to provide valid version for jettison-1.3-patched.jar |
|
Attached Files | |
|
Issue History |
Date Modified | Username | Field | Change |
2017-10-20 13:54 | alostale | New Issue | |
2017-10-20 13:54 | alostale | Assigned To | => platform |
2017-10-20 13:54 | alostale | Modules | => Core |
2017-10-20 13:54 | alostale | Triggers an Emergency Pack | => No |
2017-10-20 13:54 | alostale | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=16161#r16161 |
2017-10-20 13:59 | alostale | Description Updated | bug_revision_view_page.php?rev_id=16163#r16163 |
2017-10-20 13:59 | alostale | Proposed Solution updated | |
2017-10-20 13:59 | alostale | Assigned To | platform => alostale |
2017-10-20 13:59 | alostale | Status | new => acknowledged |
2017-10-20 15:38 | alostale | Proposed Solution updated | |
2017-10-24 10:45 | alostale | Relationship added | related to 0037151 |
2017-10-24 10:50 | alostale | Note Added: 0100016 | |
2017-10-24 16:27 | hgbot | Checkin | |
2017-10-24 16:27 | hgbot | Note Added: 0100043 | |
2017-10-24 16:27 | hgbot | Status | acknowledged => resolved |
2017-10-24 16:27 | hgbot | Resolution | open => fixed |
2017-10-24 16:27 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/490a7de26ccb70942d48381a02bfbb644f13b483 |
2017-10-24 16:28 | alostale | Review Assigned To | => caristu |
2017-10-25 08:50 | hgbot | Checkin | |
2017-10-25 08:50 | hgbot | Note Added: 0100046 | |
2017-10-27 09:43 | caristu | Note Added: 0100093 | |
2017-10-27 09:43 | caristu | Status | resolved => closed |
2017-10-27 09:43 | caristu | Fixed in Version | => 3.0PR18Q1 |
2017-11-20 18:44 | caristu | Relationship added | related to 0037335 |
2018-01-03 12:38 | hudsonbot | Checkin | |
2018-01-03 12:38 | hudsonbot | Note Added: 0101345 | |
2018-01-03 12:38 | hudsonbot | Checkin | |
2018-01-03 12:38 | hudsonbot | Note Added: 0101346 | |
2023-04-26 13:39 | kousalya_r | Relationship added | blocks 0052255 |
Notes |
|
|
Upgrading to latest version is problematic due to API changes introduced since current one (see 0037151).
Current plan is to backport only those changesets required to fix known problems. |
|
(0100043) | hgbot | 2017-10-24 16:27 |
|
(0100046) | hgbot | 2017-10-25 08:50 |
|
Verified using the "corrupted JSON" for the testing: "{\"data\":[{}," |
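
One way to check from a build or deployment job whether the jettison jar on the classpath still mishandles the string reported in this issue, without risking the memory of the process that runs the check. This is an added example, not Openbravo or jettison code; the class name, exit codes, 32 MB heap cap and 60-second timeout are assumptions, and it assumes that a safe parser rejects the input with JSONException.

```java
import java.io.File;
import java.util.concurrent.TimeUnit;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;

// Added example, not Openbravo or jettison code. The class name, exit codes,
// heap cap and timeout are assumptions chosen for illustration.
public class TruncatedJsonProbe {
  static final String REPORTED_INPUT = "{\"data\":[{},"; // string from this issue
  static final int REJECTED = 10, ACCEPTED = 11, EXHAUSTED = 12, UNKNOWN = 13;

  // Child side: parse the input once and map the outcome to an exit code.
  static int parseOnce(String json) {
    try {
      new JSONObject(json);
      return ACCEPTED;
    } catch (JSONException e) {
      return REJECTED; // parser reported an error and returned
    } catch (OutOfMemoryError e) {
      return EXHAUSTED; // the behaviour described in this issue
    }
  }

  // Parent side: run the parse in a child JVM with a capped heap so that a
  // runaway parse cannot exhaust the memory of the calling process.
  static int probe() throws Exception {
    String java = System.getProperty("java.home") + File.separator + "bin" + File.separator + "java";
    Process child = new ProcessBuilder(java, "-Xmx32m", "-cp",
        System.getProperty("java.class.path"), TruncatedJsonProbe.class.getName(), "--child")
        .inheritIO().start();
    if (!child.waitFor(60, TimeUnit.SECONDS)) {
      child.destroyForcibly(); // still running: count it as resource exhaustion
      return EXHAUSTED;
    }
    int code = child.exitValue();
    return (code == REJECTED || code == ACCEPTED || code == EXHAUSTED) ? code : UNKNOWN;
  }

  public static void main(String[] args) throws Exception {
    if (args.length == 1 && args[0].equals("--child")) {
      System.exit(parseOnce(REPORTED_INPUT));
    }
    int result = probe();
    System.out.println(result == REJECTED ? "input rejected with JSONException"
        : result == EXHAUSTED ? "parser exhausted the child heap or timed out"
        : "unexpected outcome, result code " + result);
    System.exit(result == REJECTED ? 0 : 1);
  }
}
```

Run it with both the compiled class and the jettison jar under test on the classpath; a non-zero exit from the parent means the jar did not reject the input cleanly.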