QiuYucheng2003 opened a new issue, #15969: URL: https://github.com/apache/dubbo/issues/15969
### Pre-check

- [x] I am sure that all the content I provide is in English.

### Search before asking

- [x] I had searched in the [issues](https://github.com/apache/dubbo/issues?q=is%3Aissue) and found no similar issues.

### Apache Dubbo Component

Java SDK (apache/dubbo)

### Dubbo Version

Dubbo Version: Master branch (Source Code Analysis)
JDK: 1.8+
OS: Cross-platform

### Steps to reproduce this issue

While analyzing the source code of `org.apache.dubbo.common.threadpool.support.fixed.FixedThreadPool`, I noticed a potential risk in how the thread pool queue is initialized.

**Code Location:** `dubbo-common/src/main/java/org/apache/dubbo/common/threadpool/support/fixed/FixedThreadPool.java`

**Snippet:**

```java
return new ThreadPoolExecutor(threads, threads, 0, TimeUnit.MILLISECONDS,
        queues == 0 ? new SynchronousQueue<Runnable>()
                : (queues < 0 ? new LinkedBlockingQueue<Runnable>() // <--- Potential Risk Here
                : new LinkedBlockingQueue<Runnable>(queues)),
        new NamedInternalThreadFactory(name, true), new AbortPolicyWithReport(name, url));
```

Analysis: The code explicitly invokes `new LinkedBlockingQueue<Runnable>()` when the `queues` parameter is less than 0. The default constructor of `LinkedBlockingQueue` sets the capacity to `Integer.MAX_VALUE`.

If a user configures `queues=-1` (or any negative value) in `dubbo.properties` or XML, the system creates an effectively unbounded queue. Under high load, requests will accumulate without limit, leading to `OutOfMemoryError` (OOM).

### What you expected to happen

Even if this logic is intended for backward compatibility, it poses a stability risk.

**Expected Behavior:**

1. At a minimum, a **WARN log** should be printed when `queues < 0` is detected, explicitly warning the user that an unbounded queue is being used.
2. Alternatively, consider enforcing a default hard limit (safeguard) instead of allowing a completely unbounded queue.

### Anything else

I found this issue during a static code analysis research project.

### Are you willing to submit a pull request to fix on your own?

- [x] Yes I am willing to submit a pull request on my own!

### Code of Conduct

- [x] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
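
The queue selection described in the issue, with both proposed mitigations applied, as an added example (not Dubbo's code and not part of the original report). `QueueSizingDemo`, `selectQueue` and the `HARD_CAP` value of 10,000 are hypothetical names and an assumed limit; only JDK classes are used.

```java
import java.util.concurrent.*;
import java.util.logging.Logger;

public class QueueSizingDemo {
    private static final Logger LOG = Logger.getLogger(QueueSizingDemo.class.getName());
    // Assumed safeguard value for illustration; not a Dubbo default.
    static final int HARD_CAP = 10_000;

    // Same three-way branch as the snippet in the issue, plus the two proposed mitigations.
    static BlockingQueue<Runnable> selectQueue(int queues, boolean enforceCap) {
        if (queues == 0) {
            return new SynchronousQueue<>();
        }
        if (queues < 0) {
            if (enforceCap) {
                LOG.warning("queues=" + queues + " requests an unbounded queue; capping at " + HARD_CAP);
                return new LinkedBlockingQueue<>(HARD_CAP);
            }
            LOG.warning("queues=" + queues + " creates an unbounded queue (capacity Integer.MAX_VALUE)");
            return new LinkedBlockingQueue<>();
        }
        return new LinkedBlockingQueue<>(queues);
    }

    public static void main(String[] args) {
        // On an empty queue, remainingCapacity() reports the configured capacity.
        System.out.println("queues=-1, warn only: " + selectQueue(-1, false).remainingCapacity());
        System.out.println("queues=-1, capped:    " + selectQueue(-1, true).remainingCapacity());
        System.out.println("queues=0:             " + selectQueue(0, false).remainingCapacity());

        // With a bounded queue, overload surfaces as rejection instead of heap growth.
        ThreadPoolExecutor pool = new ThreadPoolExecutor(1, 1, 0, TimeUnit.MILLISECONDS,
                new LinkedBlockingQueue<>(2), new ThreadPoolExecutor.AbortPolicy());
        CountDownLatch release = new CountDownLatch(1);
        Runnable blocked = () -> {
            try { release.await(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        };
        int rejected = 0;
        for (int i = 0; i < 5; i++) {
            try { pool.execute(blocked); } catch (RejectedExecutionException e) { rejected++; }
        }
        System.out.println("rejected of 5 tasks with 1 thread and capacity 2: " + rejected);
        release.countDown();
        pool.shutdown();
    }
}
```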
