JDK-6853793 : OutOfMemoryError in sun.security.provider.certpath.OCSPChecker.check
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u10
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2009-06-23
  • Updated: 2010-09-29
  • Resolved: 2009-07-17
Fix versions:
  • JDK 6: 6u18 (Fixed)
  • JDK 7: 7 b66 (Fixed)
Description
FULL PRODUCT VERSION :
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode, sharing)


ADDITIONAL OS VERSION INFORMATION :
Windows XP

EXTRA RELEVANT SYSTEM CONFIGURATION :
Behind a firewall and using a corporate proxy server.

A DESCRIPTION OF THE PROBLEM :
Accessing any of the javax samples (and other websites, e.g. WorldWind examples) always gives me an OutOfMemoryError (see expected results).

I believe the problem is related to an incorrect handling of HTTP responses, which do NOT include the content-length header field, in sun.security.provider.certpath.OCSPChecker.check().

Grabbing the source code from openjdk7 for OCSPChecker.check(), I came across the following code (around line 353):

            int contentLength = con.getContentLength();
            if (contentLength == -1) {
                contentLength = Integer.MAX_VALUE;
            }

            byte[] response = new byte[contentLength];


This would explain the out of memory exception, which CONSISTENTLY occurs in the check function.
 
However, I cannot say that this is definitely what is causing the problem, but I'm not really sure how to work around the issue. Webstart works fine with local files, etc.



STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
One way to do this, if you're behind a firewall with an appropriate proxy-server, etc:

javaws http://javafx.com/samples/Sudoku/webstart/Sudoku.jnlp




ERROR MESSAGES/STACK TRACES THAT OCCUR :
Validating http://javafx.com/samples/Carousel/webstart/Carousel.jar , version null...
Reading certificates from 341411 http://dl.javafx.com/javafx-rt-windows-i586__V1.2.0_b233.jar | C:\Documents and Settings\64537\Application Data\Sun\Java\Deployment\cache\6.0\44\50f3f12c-2e251feb.idx
Reading certificates from 10233 http://dl.javafx.com/javafx-rt-natives-windows-i586__V1.2.0_b233.jar | C:\Documents and Settings\64537\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-29cf7e69.idx

exception: Java heap space.
java.lang.OutOfMemoryError: Java heap space
	at sun.security.provider.certpath.OCSPChecker.check(Unknown Source)
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
	at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
	at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
	at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
	at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
	at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)
	at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)
	at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Exception: java.lang.OutOfMemoryError: Java heap space



REPRODUCIBILITY :
This bug can be reproduced always.

Comments
EVALUATION: Allocate memory dynamically if no HTTP content-length is specified.
03-07-2009
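
A sketch of the approach named in the evaluation, added here as an example and not the JDK's actual fix: the buffer grows with the bytes actually received instead of being sized from the header, and an upper bound stops an oversized response from a misbehaving responder or proxy from exhausting the heap. The class name, the readBody helper and the 64 KiB cap are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedResponseReader {
    // Assumed cap for this sketch; the bug report does not specify one.
    static final int MAX_RESPONSE_BYTES = 64 * 1024;

    /**
     * Reads a response body whose declared length may be -1 (header absent).
     * The buffer grows with the bytes actually received, never with the
     * declared length, and reading fails once the cap is passed.
     */
    static byte[] readBody(InputStream in, int declaredLength) throws IOException {
        if (declaredLength > MAX_RESPONSE_BYTES) {
            throw new IOException("declared length exceeds cap: " + declaredLength);
        }
        // Initial size is only a hint; -1 or 0 falls back to a small default.
        int hint = declaredLength > 0 ? declaredLength : 4096;
        ByteArrayOutputStream out = new ByteArrayOutputStream(hint);
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            if (out.size() + n > MAX_RESPONSE_BYTES) {
                throw new IOException("response body exceeds cap");
            }
            out.write(chunk, 0, n);
        }
        if (declaredLength >= 0 && out.size() != declaredLength) {
            throw new IOException("body length " + out.size()
                    + " does not match declared " + declaredLength);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = new byte[10_000]; // constructed stand-in for an OCSP response
        // Header absent (getContentLength() == -1): read without a huge array.
        System.out.println(readBody(new ByteArrayInputStream(sample), -1).length);
        // A body larger than the cap is rejected instead of filling the heap.
        try {
            readBody(new ByteArrayInputStream(new byte[MAX_RESPONSE_BYTES + 1]), -1);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```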