[ https://issues.apache.org/jira/browse/COLLECTIONS-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15714952#comment-15714952 ]
Tejas Patel commented on COLLECTIONS-599: ----------------------------------------- Possible fix would be calculating threshold before putting the data in doReadObject API. Calculating threshold would not initialize the array by double. Please find the code below : protected void doReadObject(ObjectInputStream in) throws IOException, ClassNotFoundException { this.loadFactor = in.readFloat(); int capacity = in.readInt(); int size = in.readInt(); init(); this.data = new HashEntry[capacity]; this.threshold = calculateThreshold(this.data.length, this.loadFactor); for (int i = 0; i < size; i++) { Object key = in.readObject(); Object value = in.readObject(); put(key, value); } } Why these is critical because this version of jar are been used by struts 2 . I saw these been changed in version 4.1 , but if you classes in 4.1 are declared in different package. We should have provide fix for these version as we cant change jars which is internally using these stuff. > HashEntry array object naming data initialized with double the size during > deserialization > ------------------------------------------------------------------------------------------ > > Key: COLLECTIONS-599 > URL: https://issues.apache.org/jira/browse/COLLECTIONS-599 > Project: Commons Collections > Issue Type: Bug > Components: Collection, Map > Affects Versions: 3.1 > Reporter: Tejas Patel > Priority: Critical > Fix For: 4.1 > > > Common collections 3.1 and 3.2 are used at many places and frameworks > including struts2. > Supose a LinkedMap object it is created and have size greater than zero is > serialized. While deserializing this object , array of HashEntry naming data > delacred in AbstractHashedMap always initialises with a new capacity of > double its double of the serialized object. > Please see the below API declared in AbstractHashedMap class : > protected void checkCapacity() > { > if (this.size >= this.threshold) > { > int newCapacity = this.data.length * 2; > if (newCapacity <= 1073741824) { > ensureCapacity(newCapacity); > } > } > } -- This message was sent by Atlassian JIRA (v6.3.4#6332)