Issue Details (XML | Word | Printable)

Key: DBCP-241
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Unassigned
Reporter: Jörg Heinicke
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Commons Dbcp

NPE in case of an SQLException to be thrown on checkOpen() in DelegatingConnection

Created: 22/Sep/07 04:39 PM   Updated: 25/Mar/08 08:11 AM
Return to search
Component/s: None
Affects Version/s: 1.2.2
Fix Version/s: 1.3

Time Tracking:
Not Specified

Resolution Date: 23/Sep/07 07:51 PM


 Description  « Hide
I only got it from the Spring forums (http://forum.springframework.org/showthread.php?t=44068). I have no idea which version or if it is already fixed. It should be easy to review.

Stacktrace:

java.lang.NullPointerException
at org.apache.commons.dbcp.PoolingConnection.toString(PoolingConnection.java:248)
at java.lang.String.valueOf(String.java:2615)
at java.lang.StringBuffer.append(StringBuffer.java:220)
at org.apache.commons.dbcp.DelegatingConnection.checkOpen(DelegatingConnection.java:354)
at org.apache.commons.dbcp.DelegatingConnection.prepareStatement(DelegatingConnection.java:246)
at org.apache.commons.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.prepareStatement(PoolingDataSource.java:302)
at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:505)
at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:423)
at org.hibernate.jdbc.AbstractBatcher.prepareQueryStatement(AbstractBatcher.java:139)

implementation of the method:

protected void checkOpen() throws SQLException {
if(_closed) { throw new SQLException ("Connection " + _conn + " is closed."); }
}

Regards

Joerg

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Phil Steitz added a comment - 22/Sep/07 08:06 PM
Thanks for reporting this bug, which is a regression in 1.2.2 from DBCP-187.

[ Permlink | « Hide ]
Phil Steitz added a comment - 23/Sep/07 05:13 AM
The following code reproduces this bug using DBCP 1.2.2:
conn = new DelegatingConnection( new PoolingConnection
(delegateConn2, new GenericKeyedObjectPool()));
try { conn.close(); } catch (Exception ex) {}
conn.prepareStatement("");

The NPE is generated by this line in PoolingConnection.toString:
return "PoolingConnection: " + _pstmtPool.toString();

The DBCP-187 change to checkOpen in DelegatingException exposed this NPE vulnerability in PoolingConnection. Others exist in this class as well and all should be fixed before this bug is closed.

To avoid this and other NPEs, DBCP 1.x users should avoid calling prepareStatement methods on closed PoolingConnections.


[ Permlink | « Hide ]
Phil Steitz added a comment - 23/Sep/07 03:27 PM
s/DelegatingException/DelegatingConnection in last comment.

[ Permlink | « Hide ]
Phil Steitz added a comment - 23/Sep/07 07:51 PM
Fixed in r 578597.


Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators