Versions Compared


...

This behavior is both desirable and correct for data that potentially contains arbitrary object graphs, especially when the graphs are fully allocated and constructed prior to serialization. However, it can lead to memory exhaustion when serializing data that both lacks references to other objects being serialized and can be allocated, in part or in full, after serialization has begun. One example of such data is a data stream from an external sensor. In such cases, programs must take additional action to avoid memory exhaustion. That is, programs reading in independent serialized data must reset the object cache between reads to prevent memory exhaustion.

...

This noncompliant code example reads and serializes data from an external sensor. Each invocation of the readSensorData() method returns a newly created SensorData instance, each containing a megabyte of data. SensorData instances are pure data streams, containing data and arrays but lacking references to other SensorData objects.

As already described, the ObjectOutputStream maintains a cache of previously written objects. Consequently, all SensorData objects remain alive until the cache itself becomes garbage. This can result in an OutOfMemoryError, because the stream remains open while new objects are being written to it.
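The following is an added example (not code from the rule page itself) that makes the handle-table behavior visible and shows the standard remedy, ObjectOutputStream.reset(), applied after each independent record. The SensorData class, the record size and the method names are assumptions for illustration; OutputStream.nullOutputStream() requires Java 11 or later.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;

public class SensorStreamExample {

    // Stand-in for the page's SensorData (assumed shape): a pure data record with no object references.
    static final class SensorData implements Serializable {
        private static final long serialVersionUID = 1L;
        private final byte[] samples;
        SensorData(int size) { samples = new byte[size]; }
    }

    // Compliant pattern: reset() clears the stream's handle table after each independent record,
    // so earlier SensorData instances become collectable while the stream stays open.
    static void writeIndependentRecords(ObjectOutputStream out, int count, int size) throws IOException {
        for (int i = 0; i < count; i++) {
            out.writeObject(new SensorData(size));
            out.reset();
        }
    }

    // Makes the cache visible: without reset(), a second write of the same object emits only a
    // short back-reference to the cached entry; after reset() the full record is written again.
    // Returns {bytes of first write, bytes of second write}.
    static int[] bytesForRepeatedWrite(boolean resetBetween) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            SensorData d = new SensorData(1024);
            out.writeObject(d);
            out.flush();
            int first = buf.size();
            if (resetBetween) out.reset();
            out.writeObject(d);
            out.flush();
            return new int[] { first, buf.size() - first };
        }
    }

    public static void main(String[] args) throws IOException {
        int[] cached = bytesForRepeatedWrite(false);
        int[] afterReset = bytesForRepeatedWrite(true);
        System.out.println("second write without reset: " + cached[1] + " bytes (back-reference only)");
        System.out.println("second write after reset:   " + afterReset[1] + " bytes (full record)");
        // Three independent one-megabyte records; none stays reachable through the stream after reset().
        writeIndependentRecords(new ObjectOutputStream(OutputStream.nullOutputStream()), 3, 1 << 20);
    }
}
```

Note that reset() also writes a reset marker into the stream, so the reader's ObjectInputStream discards its own handle table at the same point; the two sides stay consistent without any extra work on the reading end.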

...

Memory and resource leaks during serialization can result in a resource exhaustion attack or crash the JVM.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
SER10-J   low       unlikely    low               P3        L3

...


...