When I innocently query a job through api/xml with an xpath parameter my server becomes unusable due to OutOfMemoryError: Java heap space.

The API docs on the job page do mention this might be a problem but I think the server should guard against such trouble if it can. I suppose it would have to know something about it's capacity in terms of heap memory as well as a rough estimate of the space required to process the requested xml.

I see that I can "fix" the issue on the client side by adding a `tree` parameter and I am using that as a workaround.

Details:

Jenkins: 2.504.2 OS: Linux - 6.8.0-1029-aws Java: 21.0.7 - Ubuntu (OpenJDK 64-Bit Server VM) —

I am running directly on an AWS instance.

Installed with debian package.

A python script is making the API requests but a browser accessing the same URL will cause the issue as well.

An example stack trace is attached for an instance running jenkins 2.426.3. The problem manifests with a different error on 2.504.2 with a URL like /view/Nightlies/job/master-nightly-pipeline/api/json?pretty=true

 

```

Jun 05 15:17:25 jenkins-dev jenkins[154736]: Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "JNA Cleaner"

```

 

The job I am querying is a multijob project:

```

<com.tikal.jenkins.plugins.multijob.MultiJobProject plugin="jenkins-multijob-plugin@659.v6633374ec624">

```

It has 14 jobs in its history to query.

The system busy with about 20 jobs (running on nodes in AWS) shows the following heap/memory characteristics:

```

1. jattach 1397937 inspectheap > heap.log
2. head heap.log 
   Connected to remote JVM
   JVM response code = 0
    num     #instances         #bytes  class name (module)
   -------------------------------------------------------
      1:        514437      129013728  [B (java.base@17.0.15)
      2:        553032       17697024  java.util.concurrent.ConcurrentHashMap$Node (java.base@17.0.15)
      3:        498881       11973144  java.lang.String (java.base@17.0.15)
      4:          2641        9241984  [F (java.base@17.0.15)
      5:        492090        7873440  java.lang.Object (java.base@17.0.15)
      6:        222564        7122048  java.util.HashMap$Node (java.base@17.0.15)
3. tail heap.log 
   12544:             1             16  sun.util.locale.provider.CalendarDataUtility$CalendarFieldValueNamesMapGetter (java.base@17.0.15)
   12545:             1             16  sun.util.locale.provider.CalendarDataUtility$CalendarWeekParameterGetter (java.base@17.0.15)
   12546:             1             16  sun.util.locale.provider.CalendarNameProviderImpl$LengthBasedComparator (java.base@17.0.15)
   12547:             1             16  sun.util.locale.provider.LocaleResources$$Lambda$139/0x00000058010fe6a8 (java.base@17.0.15)
   12548:             1             16  sun.util.locale.provider.TimeZoneNameUtility$TimeZoneNameGetter (java.base@17.0.15)
   12549:             1             16  sun.util.logging.internal.LoggingProviderImpl (java.logging@17.0.15)
   12550:             1             16  sun.util.resources.LocaleData$LocaleDataStrategy (java.base@17.0.15)
   12551:             1             16  sun.util.resources.cldr.provider.CLDRLocaleDataMetaInfo (jdk.localedata@17.0.15)
   Total       3941483      272499128

1. free -h
                  total        used        free      shared  buff/cache   available
   Mem:           3.8Gi       2.0Gi       625Mi       728Ki       1.4Gi       1.8Gi
   Swap:          1.0Gi       123Mi       900Mi

```