Commons Dbcp
  1. Commons Dbcp
  2. DBCP-241

NPE in case of an SQLException to be thrown on checkOpen() in DelegatingConnection

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.2
    • Fix Version/s: 1.3
    • Labels:
      None

      Description

      I only got it from the Spring forums (http://forum.springframework.org/showthread.php?t=44068). I have no idea which version or if it is already fixed. It should be easy to review.

      Stacktrace:

      java.lang.NullPointerException
      at org.apache.commons.dbcp.PoolingConnection.toString(PoolingConnection.java:248)
      at java.lang.String.valueOf(String.java:2615)
      at java.lang.StringBuffer.append(StringBuffer.java:220)
      at org.apache.commons.dbcp.DelegatingConnection.checkOpen(DelegatingConnection.java:354)
      at org.apache.commons.dbcp.DelegatingConnection.prepareStatement(DelegatingConnection.java:246)
      at org.apache.commons.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.prepareStatement(PoolingDataSource.java:302)
      at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:505)
      at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:423)
      at org.hibernate.jdbc.AbstractBatcher.prepareQueryStatement(AbstractBatcher.java:139)

      implementation of the method:

      protected void checkOpen() throws SQLException {
      if(_closed)

      { throw new SQLException ("Connection " + _conn + " is closed."); }

      }

      Regards

      Joerg

        Activity

        Jörg Heinicke created issue -
        Jörg Heinicke made changes -
        Field Original Value New Value
        Description I only got it from the Spring forums (http://forum.springframework.org/showthread.php?t=44068), no idea which version or if it is already fixed. It should be easy to review.

        Stacktrace:

        java.lang.NullPointerException
        at org.apache.commons.dbcp.PoolingConnection.toString(PoolingConnection.java:248)
        at java.lang.String.valueOf(String.java:2615)
        at java.lang.StringBuffer.append(StringBuffer.java:220)
        at org.apache.commons.dbcp.DelegatingConnection.checkOpen(DelegatingConnection.java:354)
        at org.apache.commons.dbcp.DelegatingConnection.prepareStatement(DelegatingConnection.java:246)
        at org.apache.commons.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.prepareStatement(PoolingDataSource.java:302)
        at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:505)
        at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:423)
        at org.hibernate.jdbc.AbstractBatcher.prepareQueryStatement(AbstractBatcher.java:139)

        implementation of the method:

            protected void checkOpen() throws SQLException {
                if(_closed) {
                    throw new SQLException
                        ("Connection " + _conn + " is closed.");
                }
            }

        Regards

        Joerg
        I only got it from the Spring forums (http://forum.springframework.org/showthread.php?t=44068). I have no idea which version or if it is already fixed. It should be easy to review.

        Stacktrace:

        java.lang.NullPointerException
        at org.apache.commons.dbcp.PoolingConnection.toString(PoolingConnection.java:248)
        at java.lang.String.valueOf(String.java:2615)
        at java.lang.StringBuffer.append(StringBuffer.java:220)
        at org.apache.commons.dbcp.DelegatingConnection.checkOpen(DelegatingConnection.java:354)
        at org.apache.commons.dbcp.DelegatingConnection.prepareStatement(DelegatingConnection.java:246)
        at org.apache.commons.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.prepareStatement(PoolingDataSource.java:302)
        at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:505)
        at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(AbstractBatcher.java:423)
        at org.hibernate.jdbc.AbstractBatcher.prepareQueryStatement(AbstractBatcher.java:139)

        implementation of the method:

            protected void checkOpen() throws SQLException {
                if(_closed) {
                    throw new SQLException
                        ("Connection " + _conn + " is closed.");
                }
            }

        Regards

        Joerg
        Summary NPE in case of an SQLException on checkOpen() in DelegatingConnection NPE in case of an SQLException to be thrown on checkOpen() in DelegatingConnection
        Hide
        Phil Steitz added a comment -

        Thanks for reporting this bug, which is a regression in 1.2.2 from DBCP-187.

        Show
        Phil Steitz added a comment - Thanks for reporting this bug, which is a regression in 1.2.2 from DBCP-187 .
        Phil Steitz made changes -
        Affects Version/s 1.2.2 [ 12311976 ]
        Fix Version/s 1.3 [ 12311977 ]
        Hide
        Phil Steitz added a comment -

        The following code reproduces this bug using DBCP 1.2.2:
        conn = new DelegatingConnection( new PoolingConnection
        (delegateConn2, new GenericKeyedObjectPool()));
        try

        { conn.close(); }

        catch (Exception ex) {}
        conn.prepareStatement("");

        The NPE is generated by this line in PoolingConnection.toString:
        return "PoolingConnection: " + _pstmtPool.toString();

        The DBCP-187 change to checkOpen in DelegatingException exposed this NPE vulnerability in PoolingConnection. Others exist in this class as well and all should be fixed before this bug is closed.

        To avoid this and other NPEs, DBCP 1.x users should avoid calling prepareStatement methods on closed PoolingConnections.

        Show
        Phil Steitz added a comment - The following code reproduces this bug using DBCP 1.2.2: conn = new DelegatingConnection( new PoolingConnection (delegateConn2, new GenericKeyedObjectPool())); try { conn.close(); } catch (Exception ex) {} conn.prepareStatement(""); The NPE is generated by this line in PoolingConnection.toString: return "PoolingConnection: " + _pstmtPool.toString(); The DBCP-187 change to checkOpen in DelegatingException exposed this NPE vulnerability in PoolingConnection. Others exist in this class as well and all should be fixed before this bug is closed. To avoid this and other NPEs, DBCP 1.x users should avoid calling prepareStatement methods on closed PoolingConnections.
        Hide
        Phil Steitz added a comment -

        s/DelegatingException/DelegatingConnection in last comment.

        Show
        Phil Steitz added a comment - s/DelegatingException/DelegatingConnection in last comment.
        Hide
        Phil Steitz added a comment -

        Fixed in r 578597.

        Show
        Phil Steitz added a comment - Fixed in r 578597.
        Phil Steitz made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Henri Yandell made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Jörg Heinicke
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development