Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-dev] JVM Bug with String.substring and Cookies

Looks like we might have an accidentally triggered JVM bug with our Cookie handling.

The bug in question:

It essentially says that using String.substring() results in a reference to the portion of the string array held by the original String, not a new String with just the substring.

It was reported by Geir Magnusson Jr in #jetty on

<geir__> good day all - stupid question...  I'm looking to find jetty's implementation of Cookie
<geir__> looking in 6.1.24 source dist, I can't find any impl of javax.*
<geir__> I can't find it on
<geir__> either
<geir__> I'm trying to figure out how Jetty returns cookie values
<geir__> as there's a 'bug' in the JRE that leads to some surprising behavior
<geir__> is anyone cares, when jetty is processing the cookie, it uses String.substring()
<geir__> the problem w/ current JDK impl of this that it uses a private String CTOR that keeps a reference to the string from which the substring is made, rather than keep it separate
<geir__> the result is that cookie.getValue() will return a string which internally keeps a reference to the entire cookie string
<geir__> and if you decide to cache that, you're caching a lot (thousands of bytes) vs say the 20 byte string you thought you were
<geir__> not jettys fault
<joakime> interesting.
<joakime> geir__: do you feel this is present in both jetty6 (on and jetty7 (on
<joakime> do you have a url to that JVM bug, with details?
<joakime> found it ->
<geir__> oh, nice - there's a bug registered
<geir__> this just bit me as I use a value from cookie to get data which I cache, keyed by the cookie value....

This is an old bug in the JVM (since 1.4 days) and is not fixed yet.
I think we should evaluate our use of String.substring to see if we keep long term references to the Strings from that use.
WDYT?  Could this be affecting us?

- Joakim

Back to the top