You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2022/10/26 10:57:59 UTC

[Bug 66325] New: NestedState concurrency issue

https://bz.apache.org/bugzilla/show_bug.cgi?id=66325

            Bug ID: 66325
           Summary: NestedState concurrency issue
           Product: Tomcat 8
           Version: 8.5.69
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: EL
          Assignee: dev@tomcat.apache.org
          Reporter: manuelramonleonjimenez@gmail.com
  Target Milestone: ----

We faced a jsp exception because the nestedState object is not properly
synchronized. Even though the line triggering the exception is commented with
"Should never happen", it happened to us making the page break.

The lines involved are:

<c:set var="aName">
   <c:out value="${someVariable.stream().filter(i -> i.getEvent() ==
'a-value').map(e -> e.getAsJson()).findFirst().orElse('')}" />
</c:set>

The error is:

SEVERE: Servlet.service() for servlet [bestsecret] in context with path []
threw exception [An exception occurred processing [/...] at line ...

...
java.lang.IllegalStateException: Nested state may only be set once
        at
org.apache.el.parser.AstLambdaExpression.setNestedState(AstLambdaExpression.java:123)
        at
org.apache.el.parser.AstLambdaExpression.getNestedState(AstLambdaExpression.java:114)
        at
org.apache.el.parser.AstLambdaExpression.getValue(AstLambdaExpression.java:43)
        at
org.apache.el.parser.AstMethodParameters.getParameters(AstMethodParameters.java:33)
        at org.apache.el.parser.AstValue.getValue(AstValue.java:157)
        at
org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:189)

Lines with the issue:
https://github.com/apache/tomcat/blob/main/java/org/apache/el/parser/AstLambdaExpression.java#L112-L124

The issue IMO is that between the check at line 113 and the check at line 121,
the nestedState is set, so the execution enters in the if triggering the
unexpected exception, breaking the whole JSP page. The blocks should be
synchronized on the object or any other measure taken.

Please fix it as you consider the better.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66325] NestedState concurrency issue

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66325

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
Unfortunately the fix isn't going to be that simple. Still exploring options.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66325] NestedState concurrency issue

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66325

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- main
- 10.1.x for 10.1.2 onwards
-  9.0.x for  9.0.69 onwards
-  8.5.x for  8.5.84 onwards

Moving the state to EvaluationContext was the correct fix - just not in the way
I had originally thought.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66325] NestedState concurrency issue

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66325

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report.

The NestedState instance shouldn't be part of the AstLambdaExpression as
expressions are cached (parsing is expensive).

It looks like moving the NestedState to the EvaluationContext should fix this.
I'm looking at that now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org