Summary: | Lack of synchronization in org.apache.catalina.security.SecurityUtil | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | Dmitry Mikhaylov <mikhailov.dmitry> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 6.0.29 | ||
Target Milestone: | default | ||
Hardware: | PC | ||
OS: | Linux |
Description
Dmitry Mikhaylov
2010-10-21 09:22:56 UTC
That may not be the only bug. There are two instances of the following code: if(objectCache.containsKey(targetObject)){ methodsCache = objectCache.get(targetObject); If the object is removed between the two statements, then an NPE will follow. Surely the code should just check whether it got a non-null object? Also, the private static fields should be final. Thanks for the report. Fixed in trunk for 7.0.5 onwards and proposed for 6.0.x Fixed in 6.0.x and will be included in 6.0.30 onwards. Thanks for prompt fix, waiting for 6.0.30. |