santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50248] New: Concurrency problem on incomplete Init.init() calls
Date Wed, 10 Nov 2010 18:42:39 GMT

           Summary: Concurrency problem on incomplete Init.init() calls
           Product: Security
           Version: Java 1.4.2
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Signature

The static method Init.init() is synchronized and therefore protected against
calling it by more than one thread at a time. It is also protected against
accidentally calling it more than once. But it is not protected against an
incomplete initialization:

Imagine the two threads T1 and T2.

Inside Init.init() the line "_alreadyInitialized = true;" is at the beginning
of the method, when only some variables have been set, but the initialization
process is not fully completed.

If T1 successfully entered Init.init() but is suspended by the scheduler just
after processing the line "_alreadyInitialized = true;" this will cause
concurrency problems for T2.

Because T1 already set "_alreadyInitialized" to "true", T2 can use the
unsynchronized method Init.isInitialized() to check if an initialization is
needed. Unfortunately T2 will get the result "true" and therefore skips the
call to Init.init() and directly goes to check a signature via

Because of the incomplete initialization this will lead to some very strange
exceptions. In our case the exception misses some entries of the

To fix this issue, the line "_alreadyInitialized = true;" should be the last
line of Init.init().

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

View raw message