harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wendy Feng (JIRA)" <j...@apache.org>
Subject [jira] Created: (HARMONY-6661) Synchonrize on mutable field in Permissions.java
Date Tue, 28 Sep 2010 03:15:33 GMT
Synchonrize on mutable field in Permissions.java
------------------------------------------------

                 Key: HARMONY-6661
                 URL: https://issues.apache.org/jira/browse/HARMONY-6661
             Project: Harmony
          Issue Type: Bug
          Components: Classlib
    Affects Versions: 6.0M1
         Environment: Windows XP
            Reporter: Wendy Feng


I found a unsafe synchronization in modules/security/src/main/java/common/java/security/Permissions.java
public final class Permissions extends PermissionCollection implements Serializable {
...
private void readObject(java.io.ObjectInputStream in) throws IOException,
        ClassNotFoundException {
...
        klasses = new HashMap();
        synchronized (klasses) {
            for (Iterator iter = perms.entrySet().iterator(); iter.hasNext();) {
                Map.Entry entry = (Map.Entry)  iter.next();
                Class key = (Class) entry.getKey();
                PermissionCollection pc = (PermissionCollection) entry.getValue();
                if (key != pc.elements().nextElement().getClass()) {
                    throw new InvalidObjectException(Messages.getString("security.22")); //$NON-NLS-1$
                }
                klasses.put(key, pc);
            }
        }
    ...
  }
...
}

In the above code , a block is synchronized on klasses field. Before the synchronized block,
klasses is assigned to a new value.

Consequence: 
Different threads will synchronize on different klasses objects because it has been assigned
to a new value. It  breaks the mutual exclusion and update on klasses would be lost.

I suggest to rewrite it as follow:
public final class Permissions extends PermissionCollection implements Serializable {
   private static final Object monitor = new Object();
...
private void readObject(java.io.ObjectInputStream in) throws IOException,
        ClassNotFoundException {
...
        klasses = new HashMap();
        synchronized (monitor ) {
            for (Iterator iter = perms.entrySet().iterator(); iter.hasNext();) {
                Map.Entry entry = (Map.Entry)  iter.next();
                Class key = (Class) entry.getKey();
                PermissionCollection pc = (PermissionCollection) entry.getValue();
                if (key != pc.elements().nextElement().getClass()) {
                    throw new InvalidObjectException(Messages.getString("security.22")); //$NON-NLS-1$
                }
                klasses.put(key, pc);
            }
        }
    ...
  }
...
}


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message