https://issues.apache.org/bugzilla/show_bug.cgi?id=52579
--- Comment #5 from Konstantin Kolinko <knst.koli...@gmail.com> 2012-02-04 00:46:39 UTC ---

(In reply to comment #3)
> Created attachment 28257 [details]
> new implementation of ByteChunk.toStringInternal()
>

-1. There are two errors:

1) "return new String(buff, start, end-start);" is just wrong. It converts bytes to String using the OS default encoding.

As far as I understand, the "result.isUnderflow()" condition means that all input data has been processed. This "return new String" code just handles an unexpected state. I suggest replacing that code with "cr.throwException();".

2) "charset.newDecoder()" is expected to be an expensive operation. In the scenario of CVE-2012-0022 I expect it to have a notable impact on performance.

Charset.decode() uses a ThreadLocal-based cache of decoders. Maybe we can implement something like that cache, or just use a simple ThreadLocal (or some other way) to pass a Decoder instance around while processing the same request.
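
The two points raised in the comment above, shown as an added example that is not part of the original message, the attachment, or Tomcat's code: decode with an explicit charset and throw instead of falling back to the platform default, and reuse one decoder per thread instead of calling `newDecoder()` for every value. The class name `StrictDecode`, the `decode` helper, the per-thread map and the sample bytes are assumptions made for illustration, and the code uses Java 8 APIs.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CoderResult;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class StrictDecode {
    // One decoder per thread and charset, so newDecoder() is not called per value.
    private static final ThreadLocal<Map<Charset, CharsetDecoder>> DECODERS =
            ThreadLocal.withInitial(HashMap::new);

    static String decode(byte[] buff, int start, int end, Charset charset)
            throws CharacterCodingException {
        CharsetDecoder decoder = DECODERS.get().computeIfAbsent(charset,
                cs -> cs.newDecoder()
                        .onMalformedInput(CodingErrorAction.REPORT)
                        .onUnmappableCharacter(CodingErrorAction.REPORT));
        decoder.reset(); // a cached decoder keeps state from its previous use
        ByteBuffer in = ByteBuffer.wrap(buff, start, end - start);
        CharBuffer out = CharBuffer.allocate(
                (int) Math.ceil((end - start) * (double) decoder.maxCharsPerByte()));
        CoderResult cr = decoder.decode(in, out, true);
        if (!cr.isUnderflow()) {
            cr.throwException(); // bad input: fail, never fall back to the OS default
        }
        cr = decoder.flush(out);
        if (!cr.isUnderflow()) {
            cr.throwException();
        }
        out.flip();
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] ok = "caf\u00e9".getBytes(StandardCharsets.UTF_8); // constructed sample
        System.out.println(decode(ok, 0, ok.length, StandardCharsets.UTF_8));
        byte[] bad = {'a', (byte) 0xC3, 'b'}; // constructed: broken UTF-8 sequence
        try {
            decode(bad, 0, bad.length, StandardCharsets.UTF_8);
        } catch (CharacterCodingException e) {
            System.out.println("rejected: " + e);
        }
    }
}
```

The `reset()` call matters once decoders are cached: a decoder left in an error or mid-sequence state by one value would otherwise affect the next value decoded on the same thread.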