Java Driver / JAVA-1847

Response class does not sanity check values read from network leading to potential OutOfMemory exceptions

    • Type: Bug
    • Resolution: Cannot Reproduce
    • Priority: Major - P3
    • Affects Version/s: 2.12.2
    • Component/s: Error Handling
    • Labels: None

      Class Response (com.mongodb.Response) reads data from the network to build up a response object for later processing. On line 70 it reads an integer into _num, which is later used to create an ArrayList (line 78). This value, however, is not sanity checked, which can lead to an OOM exception being thrown.

      This affects at least version 2.12.2 of the driver. The code for the 3.0 driver no longer contains this class, but the new implementation should also contain a sanity check for this type of issue.

            Assignee: Unassigned
            Reporter: Ronan Bohan (ronan.bohan@mongodb.com)
            Votes: 0
            Watchers: 2

              Created:
              Updated:
              Resolved:
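
One way to implement the sanity check the report asks for, as an added example that is not the driver's own code: the count read from the reply header is bounded by what the declared message length could physically hold before it is used to size a list. The field offsets follow the OP_REPLY wire layout; the class and method names and the `MAX_MESSAGE` cap are assumptions made for this sketch.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.List;

public class ReplyHeaderCheck {
    static final int HEADER_LEN = 36;          // 16-byte message header + 20 bytes of OP_REPLY fields
    static final int MIN_BSON_DOC = 5;         // int32 length + terminating 0x00
    static final int MAX_MESSAGE = 48_000_000; // assumed cap; prefer the limit the server advertises

    // Validates the network-supplied length and count before any allocation depends on them.
    static List<byte[]> newDocumentList(byte[] header) {
        if (header.length < HEADER_LEN)
            throw new IllegalArgumentException("short header");
        ByteBuffer buf = ByteBuffer.wrap(header).order(ByteOrder.LITTLE_ENDIAN);
        int messageLength = buf.getInt(0);     // total message size claimed by the peer
        int numberReturned = buf.getInt(32);   // document count claimed by the peer
        if (messageLength < HEADER_LEN || messageLength > MAX_MESSAGE)
            throw new IllegalArgumentException("bad messageLength: " + messageLength);
        // The body cannot hold more documents than its byte count allows.
        int maxDocs = (messageLength - HEADER_LEN) / MIN_BSON_DOC;
        if (numberReturned < 0 || numberReturned > maxDocs)
            throw new IllegalArgumentException("bad numberReturned: " + numberReturned);
        return new ArrayList<>(numberReturned);
    }

    // Builds a constructed sample header; only the fields checked above are set.
    static byte[] header(int messageLength, int numberReturned) {
        ByteBuffer buf = ByteBuffer.allocate(HEADER_LEN).order(ByteOrder.LITTLE_ENDIAN);
        buf.putInt(0, messageLength);
        buf.putInt(12, 1);                     // opCode 1 = OP_REPLY
        buf.putInt(32, numberReturned);
        return buf.array();
    }

    public static void main(String[] args) {
        int len = HEADER_LEN + MIN_BSON_DOC;   // room for exactly one empty document
        int[][] cases = { {len, 1}, {len, 2}, {len, -1},
                          {len, Integer.MAX_VALUE}, {Integer.MAX_VALUE, 1} };
        for (int[] c : cases) {
            try {
                newDocumentList(header(c[0], c[1]));
                System.out.println("accepted: length=" + c[0] + " count=" + c[1]);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first case is accepted; the other four are rejected before the `ArrayList` constructor ever sees the untrusted count.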