-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
While reading this BZ issue[1], I decided to read the code referred to by Michael Osipov in Http11OutputBuffer.java. The method is sendStatus and looks roughly like this: write(Constants.HTTP_11_BYTES); headerBuffer.put(Constants.SP); write(statuscode); headerBuffer.put(Constants.SP); write(reasonPhrase); // Only in Tomcat < 9.0 headerBuffer.put(Constants.CR).put(Constants.LF); headerBuffer is a protected final ByteBuffer member and write() is an overloaded member method where only the following implementation is used : public void write(byte[]) The write() method always checks to see if headerBuffer is big enough to hold the byte array being passed as an argument, and throws a HeadersTooLargeException if the byte buffer would overflow. If no overflow will occur, write() calls headerBuffer.put(). headerBuffer.put will throw a BufferOverflowException if the buffer overflows. This code is inconsistent in the way that it handles access to the headerBuffer (ByteBuffer): one access strategy is to just shove things into the buffer (headerBuffer.put) and another is to perform a "safe" write to the buffer. These calls are interleaved. Reading only the code for sendStatus() -- that is, without reading the body of write() -- it's not clear at all that calls to write() and headerBuffer.put() are both modifying the same buffer. In the specific case of Tomcat < 9.0, the exact length of the reason phrase will determine whether you receive a BufferOverflowException or a HeadersTooLargeException. I think you should consistently receive one or the other of these two error conditions because they mean exactly the same thing: you overflowed the response buffer before the headers were completely written. Is there a particular reason not to consistently call write() in sendStatus() instead of mixing these two types of calls? If performance is a consideration, then most of the calls to write() should probably be calls to headerBuffer.put() because we can be (reasonably?) sure that writing "HTTP/1.1 " to the output buffer isn't going to overflow the buffer. Likewise with the bytes for the status code. With an omitted reason phrase, even the trailing SP CR LF can be collapsed into a single byte[] and written a single time to the ByteBuffer, instead of individually as the current code does. If there is a reason to be inconsistent, let's state it and be consistently inconsistent. If there is no such reason, let's be consistent and either always call write() or always call headerBuffer.put(). Thoughts? Thanks, - -chris [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61982 -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpX70cdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjoRQ//TR13uVN6fwMs3COf PRqE+51hK+nb15yP+PtHPCR73hf8c64A/nM5CZENpMcbUVrI2tr8HdMD8tPo1a5P T6SheiCyENrBXk7qpcHcxcy9oCD7jvrbuYBtCdDJhcBVgwn1sqONtMQrl03Ioo/u 6bahOIPQrQEMpjwV4BBuWREA1HD+6Pn432DKbsMTJzIyUCjLPIBtBQhotSdhgYJb zOsntQzWvI7u2CFogrER6/Vm2E1gtBfs5qH/BDe3h3coIjgCnEcgwAQbfdobZ7eb IeoG0bC5HTR1inNsnt/4T+hIVxH43asLa9EcebQe+PnwS0wm+HenAgULaphR+9Sn bYYPb31BVsi75P/v9WTouJ18p0NaWYgDA/XVO6iX+oLFhhIt0rxInkBl+My2rK+H bnPebPdwvt/ZY9Si+qTqUccMJKanVG13AH8AvKejfntbWbEjl+vrWWRXSS+PMYsh xNDujEaUcoiVUkoKWX96EKfhFiWEhKbnLNuHjKu7ckhhPqgefqN4l43USiuDLnFv 1s48t7/DR0/X6DSOEq8JyXmcP4twroVFTQ+E+8Bg2igaDtUIpy/QfSnWtO0mDFSN J2AfVOvm/WibhWZBDLZaQ5iXHnUrtEyAoiMfOeUza6H0Km6LB192X8EjonFD421I 4WBW6Nfb5H3xqe60YniG6Qkb+0s= =Doi6 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org