A buffered reader for a string (line) would do something like this, by default:
So there are actually 2 potential offences here. First, a really long input stream without a line terminator in it will cause output to get bigger and bigger and bigger until memory is exhausted. Secondly, since the actual storage used by output is a fixed size, periodically the string manager will run out of room and have to re-allocate a new character buffer within the String, so that's extra processing overhead.
To avoid this, their recommended practice is basically to implement your own version of the readLine method, but to put a check in at the point I marked (XXXX) that says once a certain number of characters have been processed, something is wrong. Throw an exception or truncate the string.
Note that I have simplified what actually happens here, so don't try to use this code verbatim!
An IDE is no substitute for an Intelligent Developer.
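A length-capped line read of the kind the answer above recommends, as an added example that is not part of the original post. The class name `BoundedLineReader`, the `maxChars` parameter and the sample input are assumptions, and `String.repeat` requires Java 11 or later.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

public class BoundedLineReader {

    /**
     * Hypothetical helper: reads one '\n'-terminated line (a trailing '\r' is
     * stripped) and refuses to buffer more than maxChars characters.
     * Returns null at end of stream. Pass a buffered Reader, since this
     * calls read() once per character.
     */
    static String readLine(Reader in, int maxChars) throws IOException {
        // Start small and cap growth: the builder never holds more than maxChars.
        StringBuilder out = new StringBuilder(Math.min(maxChars, 256));
        int c;
        while ((c = in.read()) != -1) {
            if (c == '\n') {
                int n = out.length();
                if (n > 0 && out.charAt(n - 1) == '\r') {
                    out.setLength(n - 1);
                }
                return out.toString();
            }
            // The length check sits before the append, so an unterminated
            // stream is rejected instead of growing the buffer without limit.
            if (out.length() >= maxChars) {
                throw new IOException("line exceeds " + maxChars + " characters");
            }
            out.append((char) c);
        }
        // End of stream: return the unterminated tail, or null if nothing was read.
        return out.length() == 0 ? null : out.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: one normal line, then 100,000 characters with no terminator.
        Reader in = new BufferedReader(
                new StringReader("hello\r\n" + "A".repeat(100_000)));
        System.out.println("first line: " + readLine(in, 1024));
        try {
            readLine(in, 1024);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

To truncate instead of throwing, keep reading and discarding characters until the terminator once the cap is reached, so the next call starts at the beginning of a line.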
subject: AppDos Vulnerability with BufferedReader.readLine()