[
https://issues.apache.org/jira/browse/COLLECTIONS-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15714952#comment-15714952
]
Gary Gregory edited comment on COLLECTIONS-599 at 11/6/17 3:52 PM:
-------------------------------------------------------------------
Possible fix would be calculating threshold before putting the data in
doReadObject API.
Calculating threshold would not initialize the array by double.
Please find the code below :
{code:java}
protected void doReadObject(ObjectInputStream in)
throws IOException, ClassNotFoundException
{
this.loadFactor = in.readFloat();
int capacity = in.readInt();
int size = in.readInt();
init();
this.data = new HashEntry[capacity];
this.threshold = calculateThreshold(this.data.length, this.loadFactor);
for (int i = 0; i < size; i++)
{
Object key = in.readObject();
Object value = in.readObject();
put(key, value);
}
}
{code}
Why these is critical because this version of jar are been used by struts 2 .
I saw these been changed in version 4.1 , but if you classes in 4.1 are
declared in different package.
We should have provide fix for these version as we cant change jars which is
internally using these stuff.
was (Author: tejast5):
Possible fix would be calculating threshold before putting the data in
doReadObject API.
Calculating threshold would not initialize the array by double.
Please find the code below :
protected void doReadObject(ObjectInputStream in)
throws IOException, ClassNotFoundException
{
this.loadFactor = in.readFloat();
int capacity = in.readInt();
int size = in.readInt();
init();
this.data = new HashEntry[capacity];
this.threshold = calculateThreshold(this.data.length, this.loadFactor);
for (int i = 0; i < size; i++)
{
Object key = in.readObject();
Object value = in.readObject();
put(key, value);
}
}
Why these is critical because this version of jar are been used by struts 2 .
I saw these been changed in version 4.1 , but if you classes in 4.1 are
declared in different package.
We should have provide fix for these version as we cant change jars which is
internally using these stuff.
> HashEntry array object naming data initialized with double the size during
> deserialization
> ------------------------------------------------------------------------------------------
>
> Key: COLLECTIONS-599
> URL: https://issues.apache.org/jira/browse/COLLECTIONS-599
> Project: Commons Collections
> Issue Type: Bug
> Components: Collection, Map
> Affects Versions: 3.1
> Reporter: Tejas Patel
> Priority: Critical
> Fix For: 4.1
>
>
> Common collections 3.1 and 3.2 are used at many places and frameworks
> including struts2.
> Supose a LinkedMap object it is created and have size greater than zero is
> serialized. While deserializing this object , array of HashEntry naming data
> delacred in AbstractHashedMap always initialises with a new capacity of
> double its double of the serialized object.
> Please see the below API declared in AbstractHashedMap class :
> {code:java}
> protected void checkCapacity()
> {
> if (this.size >= this.threshold)
> {
> int newCapacity = this.data.length * 2;
> if (newCapacity <= 1073741824) {
> ensureCapacity(newCapacity);
> }
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
