IABTechLab / iabgpp-java

Apache License 2.0

java.lang.OutOfMemoryError: Java heap space when decoding non GPP string #44

Open alex-ro opened 5 months ago

alex-ro commented 5 months ago

Add the following test to the GppModelTest.java file.

  // java.lang.OutOfMemoryError: Java heap space
  @Test
  public void testDecodingExceptionValidStringButNotGPP() {
    try {
      GppModel gppModel = new GppModel("CP48G0AP48G0AEsACCPLAkEgAAAAAEPgAB5YAAAQaQD2F2K2kKFkPCmQWYAQBCijYEAhQAAAAkCBIAAgAUgQAgFIIAgAIFAAAAAAAAAQEgCQAAQABAAAIACgAAAAAAIAAAAAAAQQAAAAAIAAAAAAAAEAAAAAAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAgAA");
      Assertions.fail("Expected LazyDecodingException");
    } catch (DecodingException e) {
      // Expected outcome: the non-GPP string is rejected with a DecodingException.
    }
  }

The proposed solution is to validate the first 2 numbers in the header of the message, to fail fast if the string is not GPP. So, in HeaderV1.java:

  // GPP header type (3) and version (1), each encoded as a 6-bit field.
  private static final String ID_BITSTRING = "000011";
  private static final String VERSION_BITSTRING = "000001";
  private static final String HEADER_PREFIX_BITSTRING = ID_BITSTRING + VERSION_BITSTRING;

  @Override
  public void decode(String encodedString) throws DecodingException {
    String bitString = base64UrlEncoder.decode(encodedString);
    // Fail fast: reject anything that does not start with the GPP v1 header prefix.
    if (!bitString.startsWith(HEADER_PREFIX_BITSTRING)) {
      throw new DecodingException("Not GPP v1 string");
    }
    this.decodeFromBitString(bitString);
  }
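
The same fail-fast check can also be applied by a caller before an untrusted string reaches the library, because the 12-bit prefix maps to exactly two base64url characters. This is an added example, not code from the issue or from iabgpp-java; the class `GppPrecheck`, its method names and the sample inputs are assumptions made for illustration.

```java
import java.util.List;

// Added example: caller-side guard, not part of iabgpp-java. All names here are hypothetical.
public class GppPrecheck {
  private static final String BASE64URL =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
  // Bit strings taken from the HeaderV1 change proposed in the issue.
  private static final String ID_BITSTRING = "000011";
  private static final String VERSION_BITSTRING = "000001";
  // Each base64url character carries 6 bits, so the 12-bit prefix is exactly two characters.
  static final String HEADER_PREFIX =
      "" + sextetToChar(ID_BITSTRING) + sextetToChar(VERSION_BITSTRING);

  static char sextetToChar(String sixBits) {
    return BASE64URL.charAt(Integer.parseInt(sixBits, 2));
  }

  /** Returns null if the input may be handed to the decoder, otherwise the rejection reason. */
  static String reject(String input) {
    if (input == null || input.length() < HEADER_PREFIX.length()) {
      return "too short to hold a GPP header";
    }
    // The header is the segment before the first '~' section delimiter.
    int end = input.indexOf('~');
    String header = end < 0 ? input : input.substring(0, end);
    for (int i = 0; i < header.length(); i++) {
      if (BASE64URL.indexOf(header.charAt(i)) < 0) {
        return "header has a non-base64url character at index " + i;
      }
    }
    if (!header.startsWith(HEADER_PREFIX)) {
      return "header does not start with the GPP type/version prefix " + HEADER_PREFIX;
    }
    return null;
  }

  public static void main(String[] args) {
    // Constructed samples: the opening characters of the string from the report,
    // a string with the expected prefix, and a header with an invalid character.
    List<String> samples = List.of("CP48G0AP48G0AEsACCPLAkEgAAAA", "DBABMA~CONSTRUCTED", "DB!BMA");
    for (String s : samples) {
      String reason = reject(s);
      System.out.println(s + " -> " + (reason == null ? "pass to decoder" : "rejected: " + reason));
    }
  }
}
```

Passing this guard only means the header prefix matches; the string still has to be decoded and validated by the library.
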

hhakimi53 commented 3 months ago

@chuff / @iabmayank: can someone please have a look at this, as this may potentially be happening where the encoded GPP string passed is without headers or malformed? Doing this integrity check within the library is better and more maintainable with upgrades to the library.

krjackso commented 3 months ago

We are also seeing this issue

ChristopherWirt commented 1 month ago

We are also seeing this issue