Bug 53677 - ArrayIndexOutOfBoundsException when response header exceeds maxHttpHeaderSize
Summary: ArrayIndexOutOfBoundsException when response header exceeds maxHttpHeaderSize
Status: NEW
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 6.0.35
Hardware: PC All
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-07 23:28 UTC by Dan Henry
Modified: 2012-08-30 21:59 UTC (History)
1 user (show)



Attachments
Small sample web app (2.80 KB, application/octet-stream)
2012-08-07 23:28 UTC, Dan Henry
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dan Henry 2012-08-07 23:28:11 UTC
Created attachment 29184 [details]
Small sample web app

When a servlet adds enough information to a response exceed the maxHttpHeaderSize limitconfigured for an HTTP 1.1 connector, an ArrayIndexOutOfBoundsException is thrown by Tomcat (example stacktrace below), and the connection is closed without writing any data.

In a scenario like this, should a response with a status of 500 be returned to indicate a server error? (and perhaps the server should log a message indicating that the limit has been exceeded for a response, instead of throwing an ArrayIndexOutOfBoundsException?)



This issue can be reproduced by testing with a servlet that implements this contrived doGet method (sample application with this is attached):

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		char[] bigBuffer = new char[1024 * 8];
		Arrays.fill(bigBuffer, 'a');
		response.setHeader("x-example", new String(bigBuffer));
		
		response.setContentType("text/plain");
		response.setCharacterEncoding("ISO-8859-1");

		Writer out = response.getWriter();
		out.write("Hello!");
		out.close();
	}


This has been observed under the following configurations:

Tomcat 6.0.26/Oracle JDK 1.6.0_25 (64-bit)/SUSE Linux 10
Tomcat 6.0.35/Oracle JDK 1.7.0 (64-bit)/Windows 7

- Tomcat is not running behind a web server in any of these configurations

- The connector being used in both cases is Coyote HTTP/1.1




Stacktrace:

Aug 07, 2012 6:11:26 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet SampleServlet threw exception
java.lang.ArrayIndexOutOfBoundsException: 8192
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:730)
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:641)
	at org.apache.coyote.http11.InternalOutputBuffer.sendHeader(InternalOutputBuffer.java:514)
	at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1637)
	at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
	at org.apache.coyote.Response.action(Response.java:183)
	at org.apache.coyote.Response.sendHeaders(Response.java:379)
	at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
	at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
	at org.apache.catalina.connector.CoyoteWriter.close(CoyoteWriter.java:108)
	at com.example.SampleServlet.doGet(SampleServlet.java:36)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet SampleServlet threw exception
java.lang.ArrayIndexOutOfBoundsException: 8192
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:730)
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:641)
	at org.apache.coyote.http11.InternalOutputBuffer.sendHeader(InternalOutputBuffer.java:514)
	at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1637)
	at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
	at org.apache.coyote.Response.action(Response.java:183)
	at org.apache.coyote.Response.sendHeaders(Response.java:379)
	at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
	at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
	at org.apache.catalina.connector.CoyoteWriter.close(CoyoteWriter.java:108)
	at com.example.SampleServlet.doGet(SampleServlet.java:36)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error processing request
java.lang.ArrayIndexOutOfBoundsException
	at java.lang.System.arraycopy(Native Method)
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
	at org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
	at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
	at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
	at org.apache.coyote.Response.action(Response.java:183)
	at org.apache.coyote.Response.sendHeaders(Response.java:379)
	at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
	at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
	at org.apache.catalina.connector.Response.finishResponse(Response.java:493)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:317)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error processing request
java.lang.ArrayIndexOutOfBoundsException
	at java.lang.System.arraycopy(Native Method)
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
	at org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
	at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
	at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
	at org.apache.coyote.Response.action(Response.java:183)
	at org.apache.coyote.Response.sendHeaders(Response.java:379)
	at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314)
	at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:274)
	at org.apache.catalina.connector.Response.finishResponse(Response.java:493)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:317)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error finishing response
java.lang.ArrayIndexOutOfBoundsException
	at java.lang.System.arraycopy(Native Method)
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
	at org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
	at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
	at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
	at org.apache.coyote.Response.action(Response.java:181)
	at org.apache.coyote.http11.InternalOutputBuffer.endRequest(InternalOutputBuffer.java:398)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:901)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)

Aug 07, 2012 6:11:26 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error finishing response
java.lang.ArrayIndexOutOfBoundsException
	at java.lang.System.arraycopy(Native Method)
	at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:701)
	at org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:438)
	at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1624)
	at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:956)
	at org.apache.coyote.Response.action(Response.java:181)
	at org.apache.coyote.http11.InternalOutputBuffer.endRequest(InternalOutputBuffer.java:398)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:901)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)
Comment 1 Mark Thomas 2012-08-30 21:59:41 UTC
Fixed in trunk and 7.0.x and will be included in 7.0.30 onwards.

It has not yet been proposed for back-port as due to the connector refactoring, a 6.0.x specific patch will be required.