View Issue Details
ID | ||||||||
0037135 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [Openbravo ERP] A. Platform | major | have not tried | 2017-10-20 13:54 | 2018-01-03 12:38 | |||
Reporter | alostale | View Status | public | |||||
Assigned To | alostale | |||||||
Priority | urgent | Resolution | fixed | Fixed in Version | 3.0PR18Q1 | |||
Status | closed | Fix in branch | Fixed in SCM revision | 490a7de26ccb | ||||
Projection | none | ETA | none | Target Version | ||||
OS | Any | Database | Any | Java version | ||||
OS Version | Database version | Ant version | ||||||
Product Version | SCM revision | |||||||
Review Assigned To | caristu | |||||||
Web browser | ||||||||
Modules | Core | |||||||
Regression level | ||||||||
Regression date | ||||||||
Regression introduced in release | ||||||||
Regression introduced by commit | ||||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0037135: OOM parsing corrupted JSON | |||||||
Description | When a corrupted JSON string is parsed to instantiate a JSONObject, an OOM Exception can be thrown. Even though this is very unlikely to happen, because the string must be corrupted in a very particular manner, it can occur when data is sent from client to server. This is an issue in the current version (1.3) of the jettison library that is fixed in newer versions [1]. --- [1] https://github.com/jettison-json/jettison/commit/334f9ba080784b65da5 | |||||||
Steps To Reproduce | Cannot reproduce consistently in real life, as a JSON string representation must be corrupted in a specific way.

Execute:

    String corruptedJSON = "{\"data\":[{},";
    new JSONObject(corruptedJSON);

You get:

    java.lang.OutOfMemoryError: Java heap space
        at java.util.Arrays.copyOf(Arrays.java:3210)
        at java.util.Arrays.copyOf(Arrays.java:3181)
        at java.util.ArrayList.grow(ArrayList.java:261)
        at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
        at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
        at java.util.ArrayList.add(ArrayList.java:458)
        at org.codehaus.jettison.json.JSONArray.<init>(JSONArray.java:107)
        at org.codehaus.jettison.json.JSONTokener.nextValue(JSONTokener.java:313)
        at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:195)
        at org.codehaus.jettison.json.JSONObject.<init>(JSONObject.java:266)
        at LoadJson.main(LoadJson.java:17)
Proposed Solution | Upgrade to the latest jettison version. Review the following changesets [1] that might affect behavior. --- [1] https://docs.google.com/spreadsheets/d/1ldZ2IL3s5f-BSHlqVSGxG1ecTSJK20jIxaQudgZIlX8/edit#gid=0 | |||||||
Tags | No tags attached. | |||||||
Attached Files | ||||||||
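One way a truncated array can drive unbounded list growth of the kind shown in the stack trace, as an added example that is not jettison or Openbravo code. The names `TruncatedArrayDemo`, `Cursor`, `parseArray` and `DEMO_CAP` are hypothetical, and the cursor semantics (`next()` returning a sentinel at end of input, `back()` stepping back one character) are assumptions of this model.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not jettison code: a toy array parser with the same
// failure shape as the stack trace (list growth inside an array constructor).
public class TruncatedArrayDemo {
    // Constructed cap so the unchecked loop stops instead of exhausting the heap.
    static final int DEMO_CAP = 100_000;

    static final class Cursor {
        final String s; int i;
        Cursor(String s) { this.s = s; }
        // Assumed semantics: sentinel 0 at end of input, without advancing.
        char next() { return i < s.length() ? s.charAt(i++) : 0; }
        void back() { if (i > 0) i--; }
    }

    // Parses "[v,v,...]" where each v is "{}" or an elided value (stored as null).
    static List<Object> parseArray(String text, boolean checkEnd) {
        Cursor c = new Cursor(text);
        List<Object> out = new ArrayList<>();
        if (c.next() != '[') throw new IllegalArgumentException("expected '['");
        while (true) {
            char ch = c.next();
            if (checkEnd && ch == 0) throw new IllegalArgumentException("unterminated array");
            if (ch == ',') { c.back(); out.add(null); }        // elided value
            else if (ch == '{' && c.next() == '}') out.add("{}");
            else throw new IllegalArgumentException("bad value");
            if (out.size() >= DEMO_CAP) return out;             // demo guard only
            switch (c.next()) {
                case ']': return out;
                case ',':
                    char after = c.next();
                    if (after == ']') return out;
                    if (checkEnd && after == 0) throw new IllegalArgumentException("unterminated array");
                    c.back();   // at end of input this re-exposes the same ','
                    break;
                default: throw new IllegalArgumentException("expected ',' or ']'");
            }
        }
    }

    public static void main(String[] args) {
        String corrupted = "[{},";  // array part of the report's corrupted input
        System.out.println("unchecked: " + parseArray(corrupted, false).size() + " elements");
        try { parseArray(corrupted, true); }
        catch (IllegalArgumentException e) { System.out.println("checked: " + e.getMessage()); }
    }
}
```

Without the end-of-input check the loop re-reads the trailing comma on every pass and appends a null each time, so only `DEMO_CAP` stops it; with the check the same input is rejected immediately.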
Notes | |
(0100016) alostale (manager) 2017-10-24 10:50 |
Upgrading to latest version is problematic due to API changes introduced since current one (see 0037151). Current plan is to backport only those changesets required to fix known problems. |
(0100043) hgbot (developer) 2017-10-24 16:27 |
Repository: erp/devel/pi
Changeset: 490a7de26ccb70942d48381a02bfbb644f13b483
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Tue Oct 24 10:17:17 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/490a7de26ccb70942d48381a02bfbb644f13b483

fixed bug 37135: OOM parsing corrupted JSON

Backported jettison changesets to 1.3 version to solve this issue [1] and [2]. Code for patched library can be found at [3].

---
[1] https://github.com/alostale/jettison/commit/b5df5afdff6987839f912780ad0fc9c0b0847f7f
[2] https://github.com/alostale/jettison/commit/83e804177eb19ec258481a23ffe30c3fa2f43ba4
[3] https://github.com/alostale/jettison
---
A lib/runtime/jettison-1.3-patched.jar
R lib/runtime/jettison-1.3.jar
---
(0100046) hgbot (developer) 2017-10-25 08:50 |
Repository: erp/devel/pi
Changeset: 97d86004181599767487a6190bdf0d0b01e8d83c
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Wed Oct 25 08:38:49 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/97d86004181599767487a6190bdf0d0b01e8d83c

related to bug 37135: updated Licensing.txt

---
M legal/Licensing.txt
---
(0100093) caristu (developer) 2017-10-27 09:43 |
Verified using the "corrupted JSON" for the testing: "{\"data\":[{}," |
(0101345) hudsonbot (developer) 2018-01-03 12:38 |
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/c81e0d3cbab5 Maturity status: Test |
(0101346) hudsonbot (developer) 2018-01-03 12:38 |
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/c81e0d3cbab5 Maturity status: Test |
Issue History | |||
Date Modified | Username | Field | Change |
2017-10-20 13:54 | alostale | New Issue | |
2017-10-20 13:54 | alostale | Assigned To | => platform |
2017-10-20 13:54 | alostale | Modules | => Core |
2017-10-20 13:54 | alostale | Triggers an Emergency Pack | => No |
2017-10-20 13:54 | alostale | Steps to Reproduce Updated | View Revisions |
2017-10-20 13:59 | alostale | Description Updated | View Revisions |
2017-10-20 13:59 | alostale | Proposed Solution updated | |
2017-10-20 13:59 | alostale | Assigned To | platform => alostale |
2017-10-20 13:59 | alostale | Status | new => acknowledged |
2017-10-20 15:38 | alostale | Proposed Solution updated | |
2017-10-24 10:45 | alostale | Relationship added | related to 0037151 |
2017-10-24 10:50 | alostale | Note Added: 0100016 | |
2017-10-24 16:27 | hgbot | Checkin | |
2017-10-24 16:27 | hgbot | Note Added: 0100043 | |
2017-10-24 16:27 | hgbot | Status | acknowledged => resolved |
2017-10-24 16:27 | hgbot | Resolution | open => fixed |
2017-10-24 16:27 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/490a7de26ccb70942d48381a02bfbb644f13b483 |
2017-10-24 16:28 | alostale | Review Assigned To | => caristu |
2017-10-25 08:50 | hgbot | Checkin | |
2017-10-25 08:50 | hgbot | Note Added: 0100046 | |
2017-10-27 09:43 | caristu | Note Added: 0100093 | |
2017-10-27 09:43 | caristu | Status | resolved => closed |
2017-10-27 09:43 | caristu | Fixed in Version | => 3.0PR18Q1 |
2017-11-20 18:44 | caristu | Relationship added | related to 0037335 |
2018-01-03 12:38 | hudsonbot | Checkin | |
2018-01-03 12:38 | hudsonbot | Note Added: 0101345 | |
2018-01-03 12:38 | hudsonbot | Checkin | |
2018-01-03 12:38 | hudsonbot | Note Added: 0101346 | |
2023-04-26 13:39 | kousalya_r | Relationship added | blocks 0052255 |