On Wed, 15 Jan 2025 10:50:55 GMT, Volkan Yazıcı <[email protected]> wrote:
>> Adds `limiting()` factory methods to
>> `HttpResponse.Body{Handlers,Subscribers}` to handle excessive server input
>> in `HttpClient`. I would appreciate your input whether `discardExcess`
>> should be kept or dropped. I plan to file a CSR once there is an agreement
>> on the PR.
>
> Volkan Yazıcı has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Remove concurrency measures (methods are accessed serially due to the
> Reactive Streams spec)
src/java.net.http/share/classes/jdk/internal/net/http/LimitingSubscriber.java
line 118:
> 116: private boolean allocateLength(List<ByteBuffer> buffers) {
> 117: long bufferLength =
> buffers.stream().mapToLong(Buffer::remaining).sum();
> 118: long nextLength = Math.addExact(length, bufferLength);
`Math.addExact` throws a `ArithmeticException` if there's an overflow during
the addition. In its current form, this code can end up propagating the
exception from here. Instead we should add a try/catch block to catch it and
return false (implying the capacity has exceeded).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23096#discussion_r1916789822
