You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by ArunaGanesan <ar...@gmail.com> on 2010/01/12 12:06:50 UTC
Infinite Loop due to inconsistent hashmap, in ApacheXMLSecurityJava
XMLUtil.class
We are using WSS4J, AxisJ and ApacheXMLSecurityJava for contacting a
webservice using SOAP. One of our tool makes parallel SOAP requests to this
web service. This tool runs on a m/c with 32 virtual processors.
We were running into a process block a way too often.We did a jstack on the
process and the process seem to be doing this.
at java.util.HashMap.get(HashMap.java:303)
at
org.apache.xml.security.utils.XMLUtils.createElementInSignatureSpace(Unknown
Source)
Everytime we get the same jstack when the process stops making progress.
At this point, the process stops and the CPU starts spiking.
When we looked at the XMLUtils code, we found that the class is not thread
safe.
There is a hashmap namePrefixes that is used without synchronization. It
seems that a hashmap without synchronization can cause infinite loop
http://lightbody.net/blog/2005/07/hashmapget_can_cause_an_infini.html
Since the hash map used in the class is a static object, we guess the hash
map is left in an inconsistent state.
Is there any solution available so that we can get rid of this infinite
loop.
--
View this message in context: http://old.nabble.com/Infinite-Loop-due-to-inconsistent-hashmap%2C-in-ApacheXMLSecurityJava-XMLUtil.class-tp27125974p27125974.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
Re: Infinite Loop due to inconsistent hashmap,
in ApacheXMLSecurityJava XMLUtil.class
Posted by Sean Mullan <Se...@Sun.COM>.
We usually have 1-2 releases a year. I don't believe there is any time
table for the next release.
The fix for this is very simple and in the meantime you could create a
patch and just replace the XMLUtils.class in your xmlsec.jar:
$ svn diff -r792509 XMLUtils.java
Index: XMLUtils.java
===================================================================
--- XMLUtils.java (revision 792509)
+++ XMLUtils.java (working copy)
@@ -227,7 +227,8 @@
static String dsPrefix=null;
- static Map namePrefixes=new HashMap();
+ private static Map namePrefixes=
java.util.Collections.synchronizedMap(new HashMap());
+
/**
* Creates an Element in the XML Signature specification namespace.
*
--Sean
ArunaGanesan wrote:
> When is the next release? We are using this jar in a production system and it
> would be easier for us to download it from a stable release, than applying
> the patch and getting it reviewed.
>
> Aruna
>
> Colm O hEigeartaigh wrote:
>> This has already been fixed and will be in the next release:
>>
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47779
>>
>> Colm.
>>
>> -----Original Message-----
>> From: ArunaGanesan [mailto:arunagan@gmail.com]
>> Sent: 12 January 2010 11:07
>> To: security-dev@xml.apache.org
>> Subject: Infinite Loop due to inconsistent hashmap, in
>> ApacheXMLSecurityJava XMLUtil.class
>>
>>
>> We are using WSS4J, AxisJ and ApacheXMLSecurityJava for contacting a
>> webservice using SOAP. One of our tool makes parallel SOAP requests to
>> this
>> web service. This tool runs on a m/c with 32 virtual processors.
>>
>> We were running into a process block a way too often.We did a jstack on
>> the
>> process and the process seem to be doing this.
>> at java.util.HashMap.get(HashMap.java:303)
>> at
>> org.apache.xml.security.utils.XMLUtils.createElementInSignatureSpace(Unk
>> nown
>> Source)
>>
>> Everytime we get the same jstack when the process stops making progress.
>>
>> At this point, the process stops and the CPU starts spiking.
>>
>> When we looked at the XMLUtils code, we found that the class is not
>> thread
>> safe.
>> There is a hashmap namePrefixes that is used without synchronization.
>> It
>> seems that a hashmap without synchronization can cause infinite loop
>> http://lightbody.net/blog/2005/07/hashmapget_can_cause_an_infini.html
>>
>> Since the hash map used in the class is a static object, we guess the
>> hash
>> map is left in an inconsistent state.
>>
>> Is there any solution available so that we can get rid of this infinite
>> loop.
>> --
>> View this message in context:
>> http://old.nabble.com/Infinite-Loop-due-to-inconsistent-hashmap%2C-in-Ap
>> acheXMLSecurityJava-XMLUtil.class-tp27125974p27125974.html
>> Sent from the Apache XML - Security - Dev mailing list archive at
>> Nabble.com.
>>
>>
>>
>
RE: Infinite Loop due to inconsistent hashmap, in
ApacheXMLSecurityJava XMLUtil.class
Posted by ArunaGanesan <ar...@gmail.com>.
When is the next release? We are using this jar in a production system and it
would be easier for us to download it from a stable release, than applying
the patch and getting it reviewed.
Aruna
Colm O hEigeartaigh wrote:
>
> This has already been fixed and will be in the next release:
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=47779
>
> Colm.
>
> -----Original Message-----
> From: ArunaGanesan [mailto:arunagan@gmail.com]
> Sent: 12 January 2010 11:07
> To: security-dev@xml.apache.org
> Subject: Infinite Loop due to inconsistent hashmap, in
> ApacheXMLSecurityJava XMLUtil.class
>
>
> We are using WSS4J, AxisJ and ApacheXMLSecurityJava for contacting a
> webservice using SOAP. One of our tool makes parallel SOAP requests to
> this
> web service. This tool runs on a m/c with 32 virtual processors.
>
> We were running into a process block a way too often.We did a jstack on
> the
> process and the process seem to be doing this.
> at java.util.HashMap.get(HashMap.java:303)
> at
> org.apache.xml.security.utils.XMLUtils.createElementInSignatureSpace(Unk
> nown
> Source)
>
> Everytime we get the same jstack when the process stops making progress.
>
> At this point, the process stops and the CPU starts spiking.
>
> When we looked at the XMLUtils code, we found that the class is not
> thread
> safe.
> There is a hashmap namePrefixes that is used without synchronization.
> It
> seems that a hashmap without synchronization can cause infinite loop
> http://lightbody.net/blog/2005/07/hashmapget_can_cause_an_infini.html
>
> Since the hash map used in the class is a static object, we guess the
> hash
> map is left in an inconsistent state.
>
> Is there any solution available so that we can get rid of this infinite
> loop.
> --
> View this message in context:
> http://old.nabble.com/Infinite-Loop-due-to-inconsistent-hashmap%2C-in-Ap
> acheXMLSecurityJava-XMLUtil.class-tp27125974p27125974.html
> Sent from the Apache XML - Security - Dev mailing list archive at
> Nabble.com.
>
>
>
--
View this message in context: http://old.nabble.com/Infinite-Loop-due-to-inconsistent-hashmap%2C-in-ApacheXMLSecurityJava-XMLUtil.class-tp27125974p27127568.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
RE: Infinite Loop due to inconsistent hashmap, in ApacheXMLSecurityJava XMLUtil.class
Posted by Colm O hEigeartaigh <co...@progress.com>.
This has already been fixed and will be in the next release:
https://issues.apache.org/bugzilla/show_bug.cgi?id=47779
Colm.
-----Original Message-----
From: ArunaGanesan [mailto:arunagan@gmail.com]
Sent: 12 January 2010 11:07
To: security-dev@xml.apache.org
Subject: Infinite Loop due to inconsistent hashmap, in
ApacheXMLSecurityJava XMLUtil.class
We are using WSS4J, AxisJ and ApacheXMLSecurityJava for contacting a
webservice using SOAP. One of our tool makes parallel SOAP requests to
this
web service. This tool runs on a m/c with 32 virtual processors.
We were running into a process block a way too often.We did a jstack on
the
process and the process seem to be doing this.
at java.util.HashMap.get(HashMap.java:303)
at
org.apache.xml.security.utils.XMLUtils.createElementInSignatureSpace(Unk
nown
Source)
Everytime we get the same jstack when the process stops making progress.
At this point, the process stops and the CPU starts spiking.
When we looked at the XMLUtils code, we found that the class is not
thread
safe.
There is a hashmap namePrefixes that is used without synchronization.
It
seems that a hashmap without synchronization can cause infinite loop
http://lightbody.net/blog/2005/07/hashmapget_can_cause_an_infini.html
Since the hash map used in the class is a static object, we guess the
hash
map is left in an inconsistent state.
Is there any solution available so that we can get rid of this infinite
loop.
--
View this message in context:
http://old.nabble.com/Infinite-Loop-due-to-inconsistent-hashmap%2C-in-Ap
acheXMLSecurityJava-XMLUtil.class-tp27125974p27125974.html
Sent from the Apache XML - Security - Dev mailing list archive at
Nabble.com.