[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
[jetty-dev] JVM Bug with String.substring and Cookies
|
Looks like we might have an accidentally triggered JVM bug with our Cookie handling.
It essentially says that using String.substring() results in a reference to the portion of the string array held by the original String, not a new String with just the substring.
<geir__> good day all - stupid question... I'm looking to find jetty's implementation of Cookie
<geir__> looking in 6.1.24 source dist, I can't find any impl of javax.*
<geir__> either
<geir__> I'm trying to figure out how Jetty returns cookie values
<geir__> as there's a 'bug' in the JRE that leads to some surprising behavior
<geir__> is anyone cares, when jetty is processing the cookie, it uses String.substring()
<geir__> the problem w/ current JDK impl of this that it uses a private String CTOR that keeps a reference to the string from which the substring is made, rather than keep it separate
<geir__> the result is that cookie.getValue() will return a string which internally keeps a reference to the entire cookie string
<geir__> and if you decide to cache that, you're caching a lot (thousands of bytes) vs say the 20 byte string you thought you were
<geir__> not jettys fault
<joakime> interesting.
<joakime> do you have a url to that JVM bug, with details?
<geir__> oh, nice - there's a bug registered
<geir__> this just bit me as I use a value from cookie to get data which I cache, keyed by the cookie value....
This is an old bug in the JVM (since 1.4 days) and is not fixed yet.
I think we should evaluate our use of String.substring to see if we keep long term references to the Strings from that use.
WDYT? Could this be affecting us?
- Joakim
