You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/06/10 16:19:17 UTC
[tomcat] branch 8.5.x updated: Fix BZ 64506 Correct race condition
on resource lookup
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 3dc63ee Fix BZ 64506 Correct race condition on resource lookup
3dc63ee is described below
commit 3dc63ee9b555aa58fec3f5cb52e083b12dc6ac85
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 10 17:17:20 2020 +0100
Fix BZ 64506 Correct race condition on resource lookup
https://bz.apache.org/bugzilla/show_bug.cgi?id=64506
---
java/org/apache/catalina/webresources/Cache.java | 18 ++++++++++++++++++
.../apache/catalina/webresources/CachedResource.java | 5 +++++
webapps/docs/changelog.xml | 5 +++++
3 files changed, 28 insertions(+)
diff --git a/java/org/apache/catalina/webresources/Cache.java b/java/org/apache/catalina/webresources/Cache.java
index 2494527..b2ce23c 100644
--- a/java/org/apache/catalina/webresources/Cache.java
+++ b/java/org/apache/catalina/webresources/Cache.java
@@ -108,6 +108,24 @@ public class Cache {
}
} else {
// Another thread added the entry to the cache
+ if (cacheEntry.usesClassLoaderResources() != useClassLoaderResources) {
+ // Race condition adding cache entries with the same path
+ // but differing values for useClassLoaderResources.
+ // Cache only supports one entry per path with one value of
+ // useClassLoaderResources.
+ // Let the other thread "win" and add the resource to the
+ // cache. This thread will receive a cacheEntry instance
+ // that isn't added to the cache.
+ // There are assumptions here. They are:
+ // - refactoring the Cache to use a combined key of
+ // path+useClassLoaderResources adds unnecessary
+ // complexity
+ // - the race condition is rare (over the lifetime of an
+ // application)
+ // - it would be rare for an application to need to cache a
+ // resource for both values of useClassLoaderResources
+ cacheEntry = newCacheEntry;
+ }
// Make sure it is validated
cacheEntry.validateResource(useClassLoaderResources);
}
diff --git a/java/org/apache/catalina/webresources/CachedResource.java b/java/org/apache/catalina/webresources/CachedResource.java
index b77862a..db4c6d5 100644
--- a/java/org/apache/catalina/webresources/CachedResource.java
+++ b/java/org/apache/catalina/webresources/CachedResource.java
@@ -404,6 +404,11 @@ public class CachedResource implements WebResource {
return webResources;
}
+ boolean usesClassLoaderResources() {
+ return usesClassLoaderResources;
+ }
+
+
// Assume that the cache entry will always include the content unless the
// resource content is larger than objectMaxSizeBytes. This isn't always the
// case but it makes tracking the current cache size easier.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3bd7d26..4e19e8c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -57,6 +57,11 @@
Implement a significant portion of the TLS environment variables for
the rewrite valve. (remm)
</update>
+ <fix>
+ <bug>64506</bug>: Correct a potential race condition in the resource
+ cache implementation that could lead to
+ <code>NullPointerException</code>s during class loading. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org