commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
Date Thu, 05 Nov 2015 14:44:27 GMT

    [ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991746#comment-14991746
] 

Lukasz Lenart commented on OGNL-252:
------------------------------------

OGNL 3.0.13/3.1.1 are out, you can replace the version you are using right now (it supposed
to be a drop-in replacement) or wait for Struts 2.3.25 or 2.5

> OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
> ------------------------------------------------------------------------------------
>
>                 Key: OGNL-252
>                 URL: https://issues.apache.org/jira/browse/OGNL-252
>             Project: Commons OGNL
>          Issue Type: Bug
>    Affects Versions: 3.0
>            Reporter: Carlos Saona
>            Priority: Critical
>             Fix For: 3.0.13
>
>
> Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not rendering one
attribute of a specific page. It was weird because the other servers were rendering that same
page OK, and all had the same software version.
> Using the debugger, I found out that the problem was that OgnlRuntime.invoke method was
throwing IllegalAccessException when invoking a given method by reflection. The difference
between the working and non-working servers was that _methodAccessCache had different boolean
values for that method. The non-working server failed to force the accessibility of the method
because syncInvoke was set to false.
> Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the hash of
the method as a key, instead of the method itself. Therefore if two different methods that
have different accessibility have a hash collision in the cache, OgnlRuntime.invokeMethod
will throw an IllegalAccessException if the one that is accessible is cached before the one
that is not.
> I think this could be fixed by using the method itself as the map key, instead of its
hash value. Browsing the changelog, I saw that at least since 3.0.9 IntHashMap has been replaced
with ConcurrentHashMap, so the change would be quite straightforward. 
> If you agree with the diagnostic, I volunteer to fork and submit a pull request.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message