You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2023/02/02 09:26:20 UTC
[tomcat] branch main updated: Restore ISE catching behavior
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 10733c4228 Restore ISE catching behavior
10733c4228 is described below
commit 10733c4228daece83195bb553ed97cf5996714f0
Author: remm <re...@apache.org>
AuthorDate: Thu Feb 2 10:25:53 2023 +0100
Restore ISE catching behavior
This looks like a Java defect though: IOE is caught and returns false,
while ISE is undocumented and simply falls out of the innocuous looking
call. Workaround to restore the previous behavior and assume false.
---
java/org/apache/tomcat/util/scan/JarFileUrlJar.java | 11 ++++++++++-
webapps/docs/changelog.xml | 5 +++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/scan/JarFileUrlJar.java b/java/org/apache/tomcat/util/scan/JarFileUrlJar.java
index 6b248021a3..b482f45033 100644
--- a/java/org/apache/tomcat/util/scan/JarFileUrlJar.java
+++ b/java/org/apache/tomcat/util/scan/JarFileUrlJar.java
@@ -65,7 +65,16 @@ public class JarFileUrlJar implements Jar {
jarFile = new JarFile(f, true, ZipFile.OPEN_READ, Runtime.version());
jarFileURL = url;
}
- multiRelease = jarFile.isMultiRelease();
+ boolean multiReleaseValue = false;
+ try {
+ multiReleaseValue = jarFile.isMultiRelease();
+ } catch (IllegalStateException e) {
+ // ISE can be thrown if the JAR URL is bad, for example:
+ // https://github.com/spring-projects/spring-boot/issues/33633
+ // The Javadoc does not document that ISE and given what it does for a vanilla IOE,
+ // this looks like a Java bug, it should return false instead.
+ }
+ multiRelease = multiReleaseValue;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bb3e009784..acac9b56be 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -155,6 +155,11 @@
and any data remaining to be written is written in the background by the
container. (markt)
</fix>
+ <fix>
+ Avoid possible ISE when scanning from bad JAR URLs, to restore the
+ previous behavior following the removal of Java 9+ reflection code which
+ caught the ISE. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch main updated: Restore ISE catching behavior
Posted by Mark Thomas <ma...@apache.org>.
On 02/02/2023 09:26, remm@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> remm pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
> new 10733c4228 Restore ISE catching behavior
> 10733c4228 is described below
>
> commit 10733c4228daece83195bb553ed97cf5996714f0
> Author: remm <re...@apache.org>
> AuthorDate: Thu Feb 2 10:25:53 2023 +0100
>
> Restore ISE catching behavior
>
> This looks like a Java defect though: IOE is caught and returns false,
> while ISE is undocumented and simply falls out of the innocuous looking
> call. Workaround to restore the previous behavior and assume false.
+1. I also looked at the JRE code and had reached the same conclusion.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org