Bug 60400 - HttpServletRequest.getReader doesn't correctly read data
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina
Version: 8.5.8
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
Reported: 2016-11-21 22:28 UTC by clement
Modified: 2016-11-25 14:29 UTC

server configuration (384 bytes, text/xml)
2016-11-22 19:17 UTC, clement

Description clement 2016-11-21 22:28:11 UTC
HttpServletRequest.getReader doesn't correctly read large entities and returns more data than expected.
This happens only with version 8.5.8 (working fine on 8.5.6).
I was able to reproduce this with a really simple web app where the issue occurs for entities larger than 12288 characters.

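protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException{
	StringBuilder builder = new StringBuilder();
	try(BufferedReader reader = req.getReader()){
		String line;
		while((line = reader.readLine()) != null){
			builder.append(line);
		}
	}
	// First output line: declared Content-Length and the number of characters actually read
	resp.getWriter().println(req.getContentLength() + " " + builder.length());
	// Second output line: the request body as it was read
	resp.getWriter().println(builder);
}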

Then I use this command and I'm able to compare input and parsed data:
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 12289 > input && curl -X POST http://localhost:8080/example -d @input > output
Comment 1 Violeta Georgieva 2016-11-22 08:03:38 UTC

I was not able to reproduce the issue with the provided example.
I received:
- input with size 12289
- output with size 12302. The output contains two rows:
  - the first one contains information for the input and output size: 12289 12289
  - the second one contains the input that was sent.

If I remove the first line then both files are identical.

Comment 2 clement 2016-11-22 19:17:33 UTC
Created attachment 34466
server configuration

Here is what I get:

-rw-r--r-- 1 cguillaume cguillaume 12289 Nov 22 10:30 input
-rw-r--r-- 1 cguillaume cguillaume 21302 Nov 22 10:30 output

First line: 12289 21289

It seems to happen only when using the apr connector. I attached my server.xml.
The apr version I'm using is:
INFO: Loaded APR based Apache Tomcat Native library 1.2.10 using APR version 1.5.2.
Comment 3 Violeta Georgieva 2016-11-25 11:27:17 UTC

I reproduced the issue.
I'll update the issue with my findings later.

Comment 4 Violeta Georgieva 2016-11-25 14:29:13 UTC

The issue was the following:
In some cases the buffer used for the request data needs to be expanded. The read position after the expansion was not returned to the correct one.

This has been fixed in
- 9.0.x for 9.0.0.M14 onwards and
- 8.5.x for 8.5.9 onwards
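
The failure mode described in Comment 4, as an added example that is not Tomcat's code and not part of the original report: a simplified, hypothetical model of a growable read buffer (the class, its methods and the 16-character body are assumptions made for illustration). With the flag off, the read position is rewound after an expansion and the reader receives more characters than were sent; with it on, the saved position is restored.

```java
import java.nio.CharBuffer;

// Simplified, hypothetical model of a growable read buffer; not Tomcat's code.
public class BufferExpansionDemo {
    private CharBuffer cb = CharBuffer.allocate(8); // read mode: position..limit is unread
    private final boolean restoreReadPosition;
    BufferExpansionDemo(boolean restoreReadPosition) {
        this.restoreReadPosition = restoreReadPosition;
        cb.limit(0); // nothing buffered yet
    }

    // Append received chars after the buffered data, growing the buffer when it is full.
    void append(String chunk) {
        int readPos = cb.position();
        int end = cb.limit();
        boolean expanded = cb.capacity() - end < chunk.length();
        if (expanded) {
            CharBuffer bigger = CharBuffer.allocate(2 * (end + chunk.length()));
            cb.position(0);
            bigger.put(cb); // copies consumed and unread chars alike
            cb = bigger;
        }
        cb.limit(cb.capacity());
        cb.position(end);
        cb.put(chunk);
        cb.limit(end + chunk.length());
        // Back to read mode; the faulty variant rewinds to 0 after an expansion.
        cb.position(expanded && !restoreReadPosition ? 0 : readPos);
    }

    String read(int max) {
        char[] out = new char[Math.min(max, cb.remaining())];
        cb.get(out);
        return new String(out);
    }
    // Send a constructed 16-char body in two chunks with a read in between.
    static String readBody(boolean restoreReadPosition) {
        BufferExpansionDemo in = new BufferExpansionDemo(restoreReadPosition);
        in.append("ABCDEFGH");
        String seen = in.read(6);          // consume part of the first chunk
        in.append("IJKLMNOP");             // buffer is full: this append expands it
        return seen + in.read(Integer.MAX_VALUE);
    }

    public static void main(String[] args) {
        for (boolean fixed : new boolean[] {false, true})
            System.out.println("restore=" + fixed + " -> " + readBody(fixed));
    }
}
```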