...
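/**
 * Reads names from a text file, one per line, and keeps every name in memory.
 *
 * <p>Security note: nothing here limits how many lines are stored or how long a single line
 * may be. Whoever controls the file contents controls how much heap this class consumes, so a
 * large enough file ends in {@code OutOfMemoryError} (CWE-400, CWE-770). A bounded variant
 * would cap the record count and the line length, or handle each record as it is read instead
 * of retaining all of them.
 */
class ReadNames {
  // Grows by one element per accepted line and is never trimmed.
  private Vector<String> names = new Vector<String>();
  private final InputStreamReader input;
  private final BufferedReader reader;

  /**
   * Opens the named file for line-by-line reading.
   *
   * @param filename path of the file that holds the names
   * @throws IOException if the file cannot be opened
   */
  public ReadNames(String filename) throws IOException {
    this.input = new FileReader(filename);
    this.reader = new BufferedReader(input);
  }

  /**
   * Stores and echoes each line until the end of the file or a line equal to "quit"
   * (case-insensitive). The file is closed when the method returns or throws.
   *
   * @throws IOException if reading or closing the file fails
   */
  public void addNames() throws IOException {
    try {
      String newName;
      // readLine() buffers a whole line before returning it, so line length is unbounded too.
      while (((newName = reader.readLine()) != null)
          && !(newName.equalsIgnoreCase("quit"))) {
        names.addElement(newName);
        System.out.println("adding " + newName);
      }
    } finally {
      // Closing the outermost reader also closes the FileReader it wraps.
      reader.close();
    }
  }

  /**
   * Runs the example against the file named by the single command-line argument.
   *
   * @param args exactly one element: the file name
   * @throws IOException if the file cannot be opened or read
   */
  public static void main(String[] args) throws IOException {
    if (args.length != 1) {
      System.out.println("Arguments: [filename]");
      return;
    }
    // The listing instantiated ShowHeapErrorReadNames, which is not declared anywhere in it;
    // the class defined here is ReadNames.
    ReadNames demo = new ReadNames(args[0]);
    demo.addNames();
  }
}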
...
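/**
 * Collects record IDs typed on standard input and keeps every one of them in memory.
 *
 * <p>Sizing assumption carried over from the example: with a 512 MB heap (one quarter of
 * 2 GB of RAM) and 64-bit record IDs, at most 512 MB / 64 bits = 67108864 values fit, and
 * {@code count} is set one above that. The estimate counts only the 64-bit payload; each
 * element is a boxed {@code Long} plus a reference held by the {@code Vector}, so the heap
 * runs out earlier than this figure suggests.
 *
 * <p>Security note: the number of stored records is decided entirely by whoever supplies the
 * input, so the list can grow until the JVM throws {@code OutOfMemoryError} (CWE-400,
 * CWE-770). A bounded variant would reject input beyond a fixed record limit, or process
 * each record without retaining it.
 */
public class ReadNames {
  // Accepts unknown number of records
  Vector<Long> names = new Vector<Long>();
  long newID = 0L;
  int count = 67108865;
  int i = 0;
  InputStreamReader input = new InputStreamReader(System.in);
  Scanner reader = new Scanner(input);

  /**
   * Prompts for record IDs and appends each one to {@code names}.
   *
   * <p>{@code Scanner.nextLong()} throws {@code InputMismatchException} on a token that is not
   * a long and {@code NoSuchElementException} when the input ends; neither is caught here, so
   * both propagate after the input has been closed.
   */
  public void addNames() {
    try {
      do {
        // Adding unknown number of records to a list
        // The user can enter more IDs than the heap can support and,
        // as a result, exhaust the heap. Assume that the record ID
        // is a 64 bit long value
        System.out.print("Enter recordID (To quit, enter -1): ");
        newID = reader.nextLong();
        names.addElement(newID);
        i++;
        // NOTE(review): with ||, entering -1 ends the loop only once count entries have been
        // read, and the -1 sentinel itself is stored. Confirm whether && was intended.
      } while (i < count || newID != -1);
    } finally {
      // The listing called input.close(), which declares IOException that addNames() neither
      // catches nor declares. Scanner.close() has no checked exception and also closes the
      // reader it wraps.
      reader.close();
    }
  }

  /**
   * Runs the interactive example on standard input.
   *
   * @param args unused
   */
  public static void main(String[] args) {
    // The listing instantiated ShowHeapErrorReadNames, which is not declared anywhere in it;
    // the class defined here is ReadNames.
    ReadNames demo = new ReadNames();
    demo.addNames();
  }
}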
Compliant Solution
...
| [ISO/IEC TR 24772:2010](http://www.aitcnet.org/isai/) | Resource Exhaustion [XZP] |
| CWE-400. Uncontrolled resource consumption ("resource exhaustion") |
| CWE-770. Allocation of resources without limits or throttling |
...
| [API 2006] | Class |
| [Java 2006] | [java – The Java application launcher](http://java.sun.com/javase/6/docs/technotes/tools/windows/java.html), Syntax for increasing the heap size |
| [SDN 2008] | [Serialization FAQ](http://java.sun.com/javase/technologies/core/basic/serializationFAQ.jsp) |
| [Sun 2003] | Chapter 5, Tuning the Java Runtime System, [Tuning the Java Heap](http://docs.sun.com/source/817-2180-10/pt_chap5.html#wp57027) |
| [Sun 2006] | [Garbage Collection Ergonomics](http://java.sun.com/javase/6/docs/technotes/guides/vm/gc-ergonomics.html), Default values for the Initial and Maximum Heap Size |
...