commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (VALIDATOR-427) Race Condition in DomainValidator
Date Tue, 06 Jun 2017 21:33:18 GMT

    [ https://issues.apache.org/jira/browse/VALIDATOR-427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16039686#comment-16039686
] 

Sebb commented on VALIDATOR-427:
--------------------------------

The current rule is that the overrides must be set up before getting the instance.

That was done in order to guarantee safe publication of the data without requiring all the
isValidxxx methods to be synchronised.

Volatile on its own does not do that, see:

https://www.securecoding.cert.org/confluence/display/java/CON50-J.+Do+not+assume+that+declaring+a+reference+volatile+guarantees+safe+publication+of+the+members+of+the+referenced+object

The inUse flag avoids the need to synch. the isValidxxx methods.

> Race Condition in DomainValidator
> ---------------------------------
>
>                 Key: VALIDATOR-427
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-427
>             Project: Commons Validator
>          Issue Type: Bug
>    Affects Versions: 1.6
>            Reporter: Steven Sheehy
>
> There's a race condition in DomainValidator which causes our application to fail sometimes.
The issue occurs when the DomainValidator.getInstance() is called before we can call DomainValidator.updateTLDOverride()
and we receive a IllegalStateException("Can only invoke this method before calling getInstance").
In a multi-threaded environment, DomainValidator.getInstance() can be called at any time and
it is difficult to find a location in application startup which ensures DomainValidator.updateTLDOverride()
is called before to initialize it. I was able to workaround during application runtime it
by placing the initialization in a Spring @Configuration class, but there is no proper location
in JUnit tests which can be called before any tests run.
> Therefore, I think the proper approach to address this is to allow DomainValidator.updateTLDOverride()
to be updated at any time including after calls to getInstance(). Examining the source, I
see that the both methods are synchronized and that the custom TLD arrays are all volatile.
Therefore, assuming Java 1.5 or greater and its guarantees about volatile assignments, the
code already guarantees proper synchronization for the TLD plus arrays and the inUse flag
is not needed and can be removed.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message