-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
1.0.0.Alpha14
-
None
org.jboss.as.process.ManagedProcess$ReadTask.run() uses readLine() to read a line of output from the manage process' standard output/error streams, which cause the whole line to be loaded into memory.
Badly written applications may dump excessive amounts of data out in a single line, which would cause the process controller to temporarily use a large amount of memory to process it, potentially leading to an OutOfMemoryError. Practically speaking, with the default -Xmx512m it would require around 128 million characters in a single line to trigger, which is obviously very high.
Were an OOME to occur, it would almost certainly cause the stream to be closed, and "IOException: Broken pipe" exceptions to occur in the child process, which for WildFly would be caught an ignored by JBoss Logging. A hostile managed process exploiting this would be almost impossible.
A reasonable solution would probably be to limit size of the buffer read, causing it to split lines over a certain size (a few megabytes?). That would not likely cause any practical problems.