Posted to dev@openjpa.apache.org by "Jody Grassel (JIRA)" <ji...@apache.org> on 2016/10/10 16:43:20 UTC

[jira] [Work started] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability

     [ https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on OPENJPA-2672 started by Jody Grassel.
---------------------------------------------
> ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability
> -------------------------------------------------------------------------------------------
>
>                 Key: OPENJPA-2672
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-2672
>             Project: OpenJPA
>          Issue Type: Bug
>          Components: lib
>    Affects Versions: 2.2.3
>            Reporter: Jody Grassel
>            Assignee: Jody Grassel
>
> The following block in the loadGlobals() method:
>         // let system properties override other globals
>         try {
>             fromProperties(new HashMap(
>                 AccessController.doPrivileged(
>                     J2DoPrivHelper.getPropertiesAction())));
> retrieves a Properties object from System.getProperties(), which is passed to HashMap's ctor.  The ctor interacts with an enumerator associated with the Properties object to populate the new HashMap instance.  However, if another thread mutates the JVM's System Properties, it can result in a ConcurrentModificationException as observed below:
> Caused by: java.util.ConcurrentModificationException
>     at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
>     at java.util.HashMap.putAllForCreate(HashMap.java:566)
>     at java.util.HashMap.<init>(HashMap.java:310)
>     at org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
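
The copy pattern quoted in the issue, next to one way of taking a consistent snapshot of the system properties. This is an added example, not OpenJPA code and not the project's fix; the class and method names are hypothetical, and the writer thread is a constructed workload.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicBoolean;

// Added illustration; names are hypothetical, not taken from OpenJPA.
public class SystemPropertiesSnapshot {

    // Pattern from the report: the HashMap constructor walks the live
    // Properties object without holding its lock, so a concurrent writer
    // can invalidate the iteration part-way through.
    static Map<Object, Object> racyCopy(Properties live) {
        return new HashMap<>(live);
    }

    // clone() is a synchronized method on the Properties instance, as are
    // setProperty() and remove(), so the copy is taken while writers are
    // blocked. The HashMap is then built from a private object that no
    // other thread can reach.
    static Map<Object, Object> snapshotCopy(Properties live) {
        Properties frozen = (Properties) live.clone();
        return new HashMap<>(frozen);
    }

    public static void main(String[] args) throws Exception {
        Properties live = System.getProperties();
        AtomicBoolean stop = new AtomicBoolean(false);

        // Constructed workload: a thread that keeps adding and removing keys.
        Thread writer = new Thread(() -> {
            for (int i = 0; !stop.get(); i++) {
                String key = "example.snapshot." + (i % 512);
                live.setProperty(key, "v");
                live.remove(key);
            }
        });
        writer.start();
        try {
            for (int i = 0; i < 20_000; i++) {
                snapshotCopy(live); // swap in racyCopy(live) to compare
            }
            System.out.println("20000 snapshots taken without ConcurrentModificationException");
        } finally {
            stop.set(true);
            writer.join();
        }
    }
}
```

Whether `racyCopy` actually throws depends on thread timing and on the JDK's `Properties` implementation, which is why the failure in the report is intermittent.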