A Java heap space error occurs when a program assumes that infinite heap space is available; when the heap is exhausted, the program can crash. This error can have the following possible causes:
1. A memory leak
2. An infinite loop
3. The program requires more memory than is present by default in the heap
Noncompliant Code Example
A heap space error is generated if the program continues to use the heap even though no memory is left in it.
```java
import java.util.ListIterator;
import java.util.Vector;

public class ShowHeapError {
    // Assume that the vector has a very large number of entries. This could be
    // possible if the query results returned from a database are stored in the vector.
    static Vector<String> v = new Vector<String>(50000);

    public static void main(String[] args) {
        ListIterator<String> iter = v.listIterator();
        while (iter.hasNext()) {
            System.out.println(iter.next());
        }
    }
}
```
Compliant Solution
This exception can be avoided by making sure that there are no infinite loops or memory leaks. If the programmer knows that the application requires a lot of memory, the heap size can be increased in Java using the following runtime parameters:
java -Xms<initial heap size> -Xmx<maximum heap size>
For example:
java -Xms128m -Xmx512m ShowHeapError
Here we have set the initial heap size to 128 MB and the maximum heap size to 512 MB.
This setting can be made either in the Java Control Panel or on the command line.
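The following is an added example, not part of the original rule text, and it goes beyond the heap-size flags: it reads the ceiling set by `-Xmx` at run time and processes a large result set in fixed-size batches instead of holding every entry in a `Vector`. `BoundedResultReader`, `BATCH_SIZE`, `MIN_FREE_FRACTION`, and the generated rows are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

public class BoundedResultReader {
    // Hypothetical limits chosen for this example.
    static final int BATCH_SIZE = 1_000;
    static final double MIN_FREE_FRACTION = 0.10;

    /** Heap the JVM can still hand out before reaching the -Xmx ceiling (coarse estimate). */
    static long availableHeap() {
        Runtime rt = Runtime.getRuntime();
        return rt.maxMemory() - (rt.totalMemory() - rt.freeMemory());
    }

    /** Consumes rows in batches so that at most BATCH_SIZE rows are referenced at once. */
    static long process(Iterator<String> rows) {
        long handled = 0;
        List<String> batch = new ArrayList<>(BATCH_SIZE);
        while (rows.hasNext()) {
            batch.add(rows.next());
            if (batch.size() == BATCH_SIZE || !rows.hasNext()) {
                // Stop in a controlled way instead of crashing when headroom is nearly gone.
                if (availableHeap() < Runtime.getRuntime().maxMemory() * MIN_FREE_FRACTION) {
                    throw new IllegalStateException(
                        "heap headroom below limit after " + handled + " rows");
                }
                handled += batch.size(); // stand-in for the real per-row work
                batch.clear();           // drop references so the rows can be collected
            }
        }
        return handled;
    }

    public static void main(String[] args) {
        // Constructed input: a lazy iterator standing in for a large database result set.
        Iterator<String> rows = new Iterator<String>() {
            private int i = 0;
            public boolean hasNext() { return i < 5_000_000; }
            public String next() { return "row-" + (i++); }
        };
        long maxMb = Runtime.getRuntime().maxMemory() / (1024 * 1024);
        System.out.println("max heap (-Xmx): " + maxMb + " MB");
        System.out.println("rows handled: " + process(rows));
    }
}
```

Running it with different `-Xmx` values shows the reported ceiling change while the number of rows held in memory stays bounded by the batch size.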
Risk Assessment
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO37-J | medium | probable | medium | P3 | L3 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website