android: 使用okhttp可能引發OOM的一個點


遇到一個問題: 需要給所有的請求加簽名校驗以防刷接口;傳入請求url及body生成一個文本串作為一個header傳給服務端;已經有現成的簽名檢驗方法String doSignature(String url, byte[] body);當前網絡庫基於com.squareup.okhttp3:okhttp:3.14.2.

這很簡單了,當然是寫一個interceptor然后將request對象的url及body傳入就好.於是有:

public class SignInterceptor implements Interceptor {
    @NonNull
    @Override
    public Response intercept(@NonNull Chain chain) throws IOException {
        Request request = chain.request();
        RequestBody body = request.body();
        byte[] bodyBytes = null;
        if (body != null) {
            final Buffer buffer = new Buffer();
            body.writeTo(buffer);
            bodyBytes = buffer.readByteArray();
        }

        Request.Builder builder = request.newBuilder();
        HttpUrl oldUrl = request.url();
        final String url = oldUrl.toString();
        final String signed = doSignature(url, bodyBytes));
        if (!TextUtils.isEmpty(signed)) {
            builder.addHeader(SIGN_KEY_NAME, signed);
        }
        return chain.proceed(builder.build());
    }
}

okhttp的ReqeustBody是一個抽象類,內容輸出只有writeTo方法,將內容寫入到一個BufferedSink接口實現體里,然后再將數據轉成byte[]也就是內存數組.能達到目的的類只有Buffer,它實現了BufferedSink接口並能提供轉成內存數組的方法readByteArray. 這貌似沒啥問題呀,能造成OOM?

是的,要看請求類型,如果是一個上傳文件的接口呢?如果這個文件比較大呢?上傳接口有可能會用到public static RequestBody create(final @Nullable MediaType contentType, final File file)方法,如果是針對文件的實現體它的writeTo方法是sink.writeAll(source);而我們傳給簽名方法時用到的Buffer.readByteArray是將緩沖中的所有內容轉成了內存數組, 這意味着文件中的所有內容被轉成了內存數組, 就是在這個時機容易造成OOM! RequestBody.create源碼如下:

  public static RequestBody create(final @Nullable MediaType contentType, final File file) {
    if (file == null) throw new NullPointerException("file == null");

    return new RequestBody() {
      @Override public @Nullable MediaType contentType() {
        return contentType;
      }

      @Override public long contentLength() {
        return file.length();
      }

      @Override public void writeTo(BufferedSink sink) throws IOException {
        try (Source source = Okio.source(file)) {
          sink.writeAll(source);
        }
      }
    };
  }

可以看到實現體持有了文件,Content-Length返回了文件的大小, 內容全部轉給了Source對象。

這確實是以前非常容易忽略的一個點,很少有對請求體作額外處理的操作,而一旦這個操作變成一次性的大內存分配, 非常容易造成OOM. 所以要如何解決呢? 簽名方法又是如何處理的呢? 原來這個簽名方法在這里偷了個懶——它只讀取傳入body的前4K內容,然后只針對這部分內容進行了加密,至於傳入的這個內存數組本身多大並不考慮,完全把風險和麻煩丟給了外部(優秀的SDK!).

快速的方法當然是羅列白名單,針對上傳接口服務端不進行加簽驗證, 但這容易掛一漏萬,而且增加維護成本, 要簽名方法sdk的人另寫合適的接口等於要他們的命, 所以還是得從根本解決. 既然簽名方法只讀取前4K內容,我們便只將內容的前4K部分讀取再轉成方法所需的內存數組不就可了? 所以我們的目的是: 期望RequestBody能夠讀取一部分而不是全部的內容. 能否繼承RequestBody重寫它的writeTo? 可以,但不現實,不可能全部替代現有的RequestBody實現類, 同時ok框架也有可能創建私有的實現類. 所以只能針對writeTo的參數BufferedSink作文章, 先得了解BufferedSink又是如何被okhttp框架調用的.

BufferedSink相關的類包括Buffer, Source,都屬於okio框架,okhttp只是基於okio的一坨, okio沒有直接用java的io操作,而是另行寫了一套io操作,具體是數據緩沖的操作.接上面的描述, Source是怎么創建, 同時又是如何操作BufferedSink的? 在Okio.java中:

  public static Source source(File file) throws FileNotFoundException {
    if (file == null) throw new IllegalArgumentException("file == null");
    return source(new FileInputStream(file));
  }
 
  public static Source source(InputStream in) {
    return source(in, new Timeout());
  }

  private static Source source(final InputStream in, final Timeout timeout) {
    return new Source() {
      @Override public long read(Buffer sink, long byteCount) throws IOException {
        try {
          timeout.throwIfReached();
          Segment tail = sink.writableSegment(1);
          int maxToCopy = (int) Math.min(byteCount, Segment.SIZE - tail.limit);
          int bytesRead = in.read(tail.data, tail.limit, maxToCopy);
          if (bytesRead == -1) return -1;
          tail.limit += bytesRead;
          sink.size += bytesRead;
          return bytesRead;
        } catch (AssertionError e) {
          if (isAndroidGetsocknameError(e)) throw new IOException(e);
          throw e;
        }
      }

      @Override public void close() throws IOException {
        in.close();
      }

      @Override public Timeout timeout() {
        return timeout;
      }
    };
  }

Source把文件作為輸入流inputstream進行了各種讀操作, 但是它的read方法參數卻是個Buffer實例,它又是從哪來的,又怎么和BufferedSink關聯的? 只好再繼續看BufferedSink.writeAll的實現體。

BufferedSink的實現類就是Buffer, 然后它的writeAll方法:

  @Override public long writeAll(Source source) throws IOException {
    if (source == null) throw new IllegalArgumentException("source == null");
    long totalBytesRead = 0;
    for (long readCount; (readCount = source.read(this, Segment.SIZE)) != -1; ) {
      totalBytesRead += readCount;
    }
    return totalBytesRead;
  }

原來是顯式的調用了Source.read(Buffer,long)方法,這樣就串起來了,那個Buffer參數原來就是自身。

基本可以確定只要實現BufferedSink接口類, 然后判斷讀入的內容超過指定大小就停止寫入就返回就可滿足目的, 可以名之FixedSizeSink.

然而麻煩的是BufferedSink的接口非常多, 將近30個方法, 不知道框架會在什么時機調用哪個方法,只能全部都實現! 其次是接口方法的參數有很多okio的類, 這些類的用法需要了解, 否則一旦用錯了效果適得其反. 於是對一個類的了解變成對多個類的了解, 沒辦法只能硬着頭皮寫.

第一個接口就有點蛋疼: Buffer buffer(); BufferedSink返回一個Buffer實例供外部調用, BufferedSink的實現體即是Buffer, 然后再返回一個Buffer?! 看了半天猜測BufferedSink是為了提供一個可寫入的緩沖對象, 但框架作者也懶的再搞接口解耦的那一套了(唉,大家都是怎么簡單怎么來). 於是FixedSizeSink至少需要持有一個Buffer對象, 它作實際的數據緩存,同時可以在需要Source.read(Buffer ,long)的地方作為參數傳過去.

同時可以看到RequestBody的一個實現類FormBody, 用這個Buffer對象直接寫入一些數據:

  private long writeOrCountBytes(@Nullable BufferedSink sink, boolean countBytes) {
    long byteCount = 0L;

    Buffer buffer;
    if (countBytes) {
      buffer = new Buffer();
    } else {
      buffer = sink.buffer();
    }

    for (int i = 0, size = encodedNames.size(); i < size; i++) {
      if (i > 0) buffer.writeByte('&');
      buffer.writeUtf8(encodedNames.get(i));
      buffer.writeByte('=');
      buffer.writeUtf8(encodedValues.get(i));
    }

    if (countBytes) {
      byteCount = buffer.size();
      buffer.clear();
    }

    return byteCount;
  }

有這樣的操作就有可能限制不了緩沖區大小變化!不過數據量應該相對小一些而且這種用法場景相對少,我們指定的大小應該能覆蓋的了這種情況。

接着還有一個接口BufferedSink write(ByteString byteString), 又得了解ByteString怎么使用, 真是心力交瘁啊...

  @Override public Buffer write(ByteString byteString) {
    byteString.write(this);
    return this;
  }

Buffer實現體里可以直接調用ByteString.write(Buffer)因為是包名訪問,自己實現的FixedSizeSink聲明在和同一包名package okio;也可以這樣使用,如果是其它包名只能先轉成byte[]了, ByteString應該不大不然也不能這么搞(沒有找到ByteString讀取一段數據的方法):

    @Override
    public BufferedSink write(@NotNull ByteString byteString) throws IOException {
        byte[] bytes = byteString.toByteArray();
        this.write(bytes);
        return this;
    }

總之就是把這些對象轉成內存數組或者Buffer能夠接受的參數持有起來!

重點關心的writeAll反而相對好實現一點, 我們連續讀取指定長度的內容直到內容長度達到我們的閾值就行.

還有一個蛋疼的點是各種對象的read/write數據流方向:
Caller.read(Callee)/Caller.write(Callee), 有的是從Caller到Callee, 有的是相反,被一個小類整的有點頭疼……

最后上完整代碼, 如果發現什么潛在的問題也可以交流下~:

public class FixedSizeSink implements BufferedSink {
    private static final int SEGMENT_SIZE = 4096;
    private final Buffer mBuffer = new Buffer();
    private final int mLimitSize;

    private FixedSizeSink(int size) {
        this.mLimitSize = size;
    }

    @Override
    public Buffer buffer() {
        return mBuffer;
    }

    @Override
    public BufferedSink write(@NotNull ByteString byteString) throws IOException {
        byte[] bytes = byteString.toByteArray();
        this.write(bytes);
        return this;
    }

    @Override
    public BufferedSink write(@NotNull byte[] source) throws IOException {
        this.write(source, 0, source.length);
        return this;
    }

    @Override
    public BufferedSink write(@NotNull byte[] source, int offset,
            int byteCount) throws IOException {
        long available = mLimitSize - mBuffer.size();
        int count = Math.min(byteCount, (int) available);
        android.util.Log.d(TAG, String.format("FixedSizeSink.offset=%d,"
                         "count=%d,limit=%d,size=%d",
                offset, byteCount, mLimitSize, mBuffer.size()));
        if (count > 0) {
            mBuffer.write(source, offset, count);
        }
        return this;
    }

    @Override
    public long writeAll(@NotNull Source source) throws IOException {
        this.write(source, mLimitSize);
        return mBuffer.size();
    }

    @Override
    public BufferedSink write(@NotNull Source source, long byteCount) throws IOException {
        final long count = Math.min(byteCount, mLimitSize - mBuffer.size());
        final long BUFFER_SIZE = Math.min(count, SEGMENT_SIZE);
        android.util.Log.d(TAG, String.format("FixedSizeSink.count=%d,limit=%d"
                         ",size=%d,segment=%d",
                byteCount, mLimitSize, mBuffer.size(), BUFFER_SIZE));
        long totalBytesRead = 0;
        long readCount;
        while (totalBytesRead < count && (readCount = source.read(mBuffer, BUFFER_SIZE)) != -1) {
            totalBytesRead = readCount;
        }
        return this;
    }

    @Override
    public int write(ByteBuffer src) throws IOException {
        final int available = mLimitSize - (int) mBuffer.size();
        if (available < src.remaining()) {
            byte[] bytes = new byte[available];
            src.get(bytes);
            this.write(bytes);
            return bytes.length;
        } else {
            return mBuffer.write(src);
        }
    }

    @Override
    public void write(@NotNull Buffer source, long byteCount) throws IOException {
        mBuffer.write(source, Math.min(byteCount, mLimitSize - mBuffer.size()));
    }

    @Override
    public BufferedSink writeUtf8(@NotNull String string) throws IOException {
        mBuffer.writeUtf8(string);
        return this;
    }

    @Override
    public BufferedSink writeUtf8(@NotNull String string, int beginIndex, int endIndex)
            throws IOException {
        mBuffer.writeUtf8(string, beginIndex, endIndex);
        return this;
    }

    @Override
    public BufferedSink writeUtf8CodePoint(int codePoint) throws IOException {
        mBuffer.writeUtf8CodePoint(codePoint);
        return this;
    }

    @Override
    public BufferedSink writeString(@NotNull String string,
            @NotNull Charset charset) throws IOException {
        mBuffer.writeString(string, charset);
        return this;
    }

    @Override
    public BufferedSink writeString(@NotNull String string, int beginIndex, int endIndex,
            @NotNull Charset charset) throws IOException {
        mBuffer.writeString(string, beginIndex, endIndex, charset);
        return this;
    }

    @Override
    public BufferedSink writeByte(int b) throws IOException {
        mBuffer.writeByte(b);
        return this;
    }

    @Override
    public BufferedSink writeShort(int s) throws IOException {
        mBuffer.writeShort(s);
        return this;
    }

    @Override
    public BufferedSink writeShortLe(int s) throws IOException {
        mBuffer.writeShortLe(s);
        return this;
    }

    @Override
    public BufferedSink writeInt(int i) throws IOException {
        mBuffer.writeInt(i);
        return this;
    }

    @Override
    public BufferedSink writeIntLe(int i) throws IOException {
        mBuffer.writeIntLe(i);
        return this;
    }

    @Override
    public BufferedSink writeLong(long v) throws IOException {
        mBuffer.writeLong(v);
        return this;
    }

    @Override
    public BufferedSink writeLongLe(long v) throws IOException {
        mBuffer.writeLongLe(v);
        return this;
    }

    @Override
    public BufferedSink writeDecimalLong(long v) throws IOException {
        mBuffer.writeDecimalLong(v);
        return this;
    }

    @Override
    public BufferedSink writeHexadecimalUnsignedLong(long v) throws IOException {
        mBuffer.writeHexadecimalUnsignedLong(v);
        return this;
    }

    @Override
    public void flush() throws IOException {
        mBuffer.flush();
    }

    @Override
    public BufferedSink emit() throws IOException {
        mBuffer.emit();
        return this;
    }

    @Override
    public BufferedSink emitCompleteSegments() throws IOException {
        mBuffer.emitCompleteSegments();
        return this;
    }

    @Override
    public OutputStream outputStream() {
        return mBuffer.outputStream();
    }

    @Override
    public boolean isOpen() {
        return mBuffer.isOpen();
    }

    @Override
    public Timeout timeout() {
        return mBuffer.timeout();
    }

    @Override
    public void close() throws IOException {
        mBuffer.close();
    }
}


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM