Can make an OutOfMemoryException by sending a modified form list property with an high index [SPR-8375]

[spring-projects-issues]

Ludovic Praud opened SPR-8375 and commented

How to reproduce the problem

With a ModelAttribute such as :

class Model {
    List<String> getItems();
}

With a JSP such as :

<form:input path="items[0]" />

within an HTML form.

POST the form with modified items attribute :

items[100000000]=foo

and wait, wait, wait until the OutOfMemoryException.

Incriminated code

org.springframework.validation.DataBinder.autoGrowNestedPaths is default true, it should be false instead.

Workarounds

In a controller :

@InitBinder
public void initBinder(WebDataBinder binder) {
    binder.setAutoGrowNestedPaths(false);
}

or using an implementation of WebBindingInitializer :

public void initBinder(WebDataBinder binder, WebRequest request) {
    binder.setAutoGrowNestedPaths(false);
}

---

Affects: 3.0.5

Issue Links:

• #12498 DataBinder should be able to define a different strategy for BeanWrapperImpl how autogrowing should handle gaps in collection properties ("duplicates")

1 votes, 3 watchers

[spring-projects-issues]

Ludovic Praud commented

Ok, it would be better to limit the growing of list and array instead of removing auto-growing.