
A Java heap space error occurs when a program is written as if heap space were infinite; when the heap is exhausted, the program can crash. The error can arise for any of the following reasons:

1. A memory leak

2. An infinite loop

3. The program requires more memory than is present by default in the heap

Noncompliant Code Example

A heap error is generated if the program keeps requesting heap memory when none is left.

import java.util.ListIterator;
import java.util.Vector;

public class ShowHeapError {
    // Assume that the vector has a very large number of entries. This could happen
    // if the query results returned from a database are stored in the vector.
    static Vector<String> v = new Vector<String>(50000);

    // main must be static for the JVM to use it as the entry point.
    public static void main(String[] args) {
        ListIterator<String> iter = v.listIterator();
        while (iter.hasNext()) {
            System.out.println(iter.next());
        }
    }
}

Compliant Solution

This exception can be avoided by making sure that there are no infinite loops or memory leaks. If the programmer knows that the application requires a lot of memory, the heap size can be increased using the following Java runtime parameters:

java -Xms<initial heap size> -Xmx<maximum heap size>

for example:

java -Xms128m -Xmx512m ShowHeapError

Here the initial heap size is set to 128 MB and the maximum heap size to 512 MB.

This setting can be made either in the Java Control Panel or on the command line.
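Raising the heap limit only moves the ceiling; a program that buffers an unbounded result set will still exhaust it. The following added example, which is not part of the original page, shows one way to keep heap use bounded by handling rows in fixed-size batches. The class name `BoundedResults`, the `BATCH_SIZE` limit, the `handle` method and the generated rows are hypothetical and stand in for a real database cursor.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.stream.IntStream;

public class BoundedResults {
    // Hypothetical limit: the most rows this program holds in memory at once.
    static final int BATCH_SIZE = 1_000;

    // Consumes rows in fixed-size batches so heap use stays bounded by BATCH_SIZE,
    // no matter how many rows the source yields. Returns the number of rows handled.
    static long processInBatches(Iterator<String> rows) {
        List<String> batch = new ArrayList<>(BATCH_SIZE);
        long total = 0;
        while (rows.hasNext()) {
            batch.add(rows.next());
            if (batch.size() == BATCH_SIZE) {
                total += handle(batch);
                batch.clear(); // drop references so the rows can be collected
            }
        }
        total += handle(batch); // final partial batch
        return total;
    }

    // Placeholder for the real work (printing, writing to a file, and so on).
    static int handle(List<String> batch) {
        return batch.size();
    }

    public static void main(String[] args) {
        // -Xmx sets this ceiling; printing it confirms the setting took effect.
        long maxMb = Runtime.getRuntime().maxMemory() / (1024 * 1024);
        System.out.println("Maximum heap: " + maxMb + " MB");

        // Constructed sample input: 5,000,000 rows generated lazily, standing in
        // for a database cursor. They are never all held in memory together.
        Iterator<String> rows = IntStream.range(0, 5_000_000)
                                         .mapToObj(i -> "row-" + i).iterator();
        System.out.println("Rows processed: " + processInBatches(rows));
    }
}
```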

Risk Assessment

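| Rule    | Severity | Likelihood | Remediation Cost | Priority | Level |
|---------|----------|------------|------------------|----------|-------|
| FIO37-J | medium   | probable   | medium           | P3       | L3    |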

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website: https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+FIO37-J
