Skip to content


Repository files navigation

The class grew out of a code review for a project that was using the readLine() function of to read a user-controlled file.  The security issue here is that, even if the number of lines to be read is limited, an attacker can still cause an OutOfMemoryError exception by providing a large file with no newline characters.  The readLine function will just keep going until it runs out of memory, creating a denial of service.

My team did some research into this issue, but the only thing we found was an old bug report that had been closed with the status of "Will Not Fix."  The suggested workaround was buggy and inconvenient, so I wrote the BoundedBufferedReader class to extend BufferedReader and add the capability to limit both line length and the number of lines read.  This class can be used in much the same way as the original BufferedReader class.

Included Files:
* is the main class
* processes the test case file using the BoundedBufferedReader.  Usage: "java ExampleUsage [maxLines] [maxLineLength]"
>> Both of these can be compiled with a simple "javac *.java")

* TestCase.txt is the test case file, which includes lines of various lengths, multiple types of newline chars, and some NULL chars.

* TestCase_output_Ref.text -- output of "java ExampleUsage"
* TestCase_output_Ref_20_20.text -- output of "java ExampleUsage 20 20"
* TestCase_output_Ref_1000_10.text -- output of "java ExampleUsage 1000 10"


Extension of to enforce bounds







No releases published


No packages published