[ https://issues.apache.org/jira/browse/CODEC-323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory resolved CODEC-323.
-----------------------------------
    Fix Version/s: 1.16.2
       Resolution: Fixed

> Possible Out-of-Memory problem in Apache Commons Codec PhoneticEngine class
> ---------------------------------------------------------------------------
>
>                 Key: CODEC-323
>                 URL: https://issues.apache.org/jira/browse/CODEC-323
>             Project: Commons Codec
>          Issue Type: Improvement
>            Reporter: Sheung Chi Chan
>            Priority: Minor
>             Fix For: 1.16.2
>
>
> In the constructor of Apache Commons Codec PhoneticEngine class, the last
> parameter maxPhonemes accepts any integer. Although a negative or zero
> maxPhonemes value is rejected in a later stage, a very large integer still
> passes the checking. The maxPhonemes variable is used later in the apply()
> method to create a LinkedHashSet object, passing by the invoke() method in
> the PhoneticBuilder object stored in the PhoneticEngine object. By Java
> settings, the creation of LinkedHashSet objects won’t allocate all memory
> immediately. It will allocate a small amount of memory and when more memory
> is needed, the resize() method is called to request more memory. Thus
> creating the LinkedHashSet object with a large integer size will not result
> in errors immediately. When the logic tries adding items to the created
> LinkedHashSet object, it will first check if the number of elements in the
> set is larger than the provided maxPhonemes. The new element will be added to
> the set if and only if the current size of the set is smaller than the
> maxPhonemes. Thus if a very large maxPhonemes is provided, a large amount of
> new data could be added to the set. It could easily use up the memory because
> new elements could be added to the set. This causes a possible out-of-memory
> problem.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
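
The size check described in the report, as an added example that is not part of the original message and is not Commons Codec code: a simplified Java model of a set that accepts new elements only while its size is below maxPhonemes, run once with an unbounded cap and once with the cap clamped before use. `MaxPhonemesBound`, `HARD_LIMIT`, `boundedMaxPhonemes` and `expand` are hypothetical names, and the input is constructed.

```java
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/** Simplified model of a phoneme set capped by maxPhonemes (not Commons Codec code). */
public class MaxPhonemesBound {

    // Assumed ceiling for this example; choose one that suits the deployment.
    static final int HARD_LIMIT = 64;

    /** Rejects non-positive values and clamps anything above the ceiling. */
    static int boundedMaxPhonemes(int requested) {
        if (requested <= 0) {
            throw new IllegalArgumentException("maxPhonemes must be positive: " + requested);
        }
        return Math.min(requested, HARD_LIMIT);
    }

    /** Combines the alternatives position by position, adding only while size < maxPhonemes. */
    static Set<String> expand(List<List<String>> alternatives, int maxPhonemes) {
        Set<String> current = new LinkedHashSet<>();
        current.add("");
        for (List<String> options : alternatives) {
            Set<String> next = new LinkedHashSet<>();
            for (String prefix : current) {
                for (String option : options) {
                    // The cap is the only limit on how far the set grows.
                    if (next.size() < maxPhonemes) {
                        next.add(prefix + option);
                    }
                }
            }
            current = next;
        }
        return current;
    }

    public static void main(String[] args) {
        // Constructed input: 12 positions with 3 alternatives each (3^12 = 531441 combinations).
        List<List<String>> input = Collections.nCopies(12, List.of("a", "b", "c"));
        int untrusted = Integer.MAX_VALUE; // stands in for a value taken from a request or config

        System.out.println("unbounded cap: " + expand(input, untrusted).size());
        System.out.println("clamped cap:   " + expand(input, boundedMaxPhonemes(untrusted)).size());
    }
}
```

Requires Java 9 or later for `List.of`; with a longer or more ambiguous input the unbounded run is the one that exhausts the heap.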