snappy-java icon indicating copy to clipboard operation
snappy-java copied to clipboard
verified publisher icon xerial

Bad use of OutOfMemoryError to validate buffer size

Open duongkame opened this issue 1 year ago • 2 comments

In SnappyInputStream, OutOfMemoryError is used to validate the buffer size to allocated. https://github.com/xerial/snappy-java/blob/dfbf67a4cb49930aa7be2bf6c6d9e77e6aba79e2/src/main/java/org/xerial/snappy/SnappyInputStream.java#L451-L456

This's a bad way to validate buffer size as explain here.
And another serious consequence, catching OutOfMemoryError in Java code requires the applications not to use JVM options like CrashOnOutOfMemoryError or ExitOnOutOfMemoryError to automatically restart the JVM when it runs out of memory.

I'm wondering if there is a specific reason why that could not be a simple conditional validation?

duongkame avatar Jan 08 '25 03:01 duongkame

There wasn't any specific reason for that. It's better to be fixed as you suggested.

xerial avatar Feb 04 '25 22:02 xerial

Thanks for your reply @xerial. I filed a PR: https://github.com/xerial/snappy-java/pull/647/files.

duongkame avatar Feb 26 '25 00:02 duongkame

Fixed in #647. Thanks!

xerial avatar Jul 20 '25 18:07 xerial