Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-38615

Very large notifications can cause OOMEs

    XMLWordPrintable

Details

    Description

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      We had a situation where a user commented on a jira issue with a text 25MB comment. This was sent as a workbox notification to Confluence, which promptly died trying to sanitise the string:

      2015-07-24 00:35:17,952 ERROR [catalina-exec-33] [common.error.jersey.ThrowableExceptionMapper] toResponse Uncaught exception thrown by REST service: Java heap space
 -- url: /rest/mywork/1/notification | userName: <REDACTED>
java.lang.OutOfMemoryError: Java heap space
	at org.apache.xerces.dom.CharacterDataImpl.appendData(Unknown Source)
	at org.cyberneko.html.parsers.DOMFragmentParser.characters(DOMFragmentParser.java:465)
	at org.cyberneko.html.HTMLTagBalancer.characters(HTMLTagBalancer.java:798)
	at com.atlassian.xhtml.parsing.BlockIsolatingTagBalancer.characters(BlockIsolatingTagBalancer.java:171)
	at org.cyberneko.html.filters.DefaultFilter.characters(DefaultFilter.java:156)
	at org.cyberneko.html.HTMLScanner$ContentScanner.scanCharacters(HTMLScanner.java:2059)
	at org.cyberneko.html.HTMLScanner$ContentScanner.scan(HTMLScanner.java:1910)
	at org.cyberneko.html.HTMLScanner.scanDocument(HTMLScanner.java:877)
	at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:495)
	at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:448)
	at org.cyberneko.html.parsers.DOMFragmentParser.parse(DOMFragmentParser.java:166)
	at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:172)
	at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:113)
	at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:92)
	at com.atlassian.mywork.host.service.HTMLServiceImpl.clean(HTMLServiceImpl.java:28)
	at com.atlassian.mywork.host.service.LocalNotificationServiceImpl.createOrUpdate(LocalNotificationServiceImpl.java:164)

      We should have some sort of safeguard that limits the size of notifications

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONFCLOUD-38615 Very large notifications can cause OOMEs

          • High - High priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-38699 Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment

          • Low - Low priority issues
          • Closed
          included in

          [JIRA] CPU-64 Confluence 5.9.1-OD-2015.47.1-0002

          [JIRA] CPU-282 Confluence 6.0.0-OD-2016.06.1-0007

          [JIRA] CPU-283 Confluence 6.0.0-OD-2016.06.1-0008

          [JIRA] CPU-287 Confluence 6.0.0-OD-2016.06.1-0009

          links to

          Web Link Pull request : https://bitbucket.org/atlassian/myworkday/pull-requests/88/issue-58-conf-38615/diff

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              lho@atlassian.com Le Ho (Inactive)
              drizzuto David Rizzuto
              Votes:
              1 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: