Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-5328

The private fields of the NetServlet can be changed by multiple threads, giving rise to race conditions and corruptions.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.9.1.0
    • None
    • Network Server
    • Normal
    • Newcomer
    • Security

    Description

      At the beginning of the NetServlet class, there are a number of private fields. These fields can be inspected and changed by any thread running inside NetServlet.doGet(). Due to the way that app servers dispatch servlet requests, this means that multiple threads can be operating inside doGet() at the same time, clobbering one another's work. The weirdest instance of this is the shared PrintWriter (called "out") which is used to produce the response web page sent back by the servlet. Multiple threads all writing to the same PrintWriter will create a very bizarre response page. The following improvements should be made:

      1) The "server" field should be set by a synchronized method.

      2) Every run through doGet() should create its own PrintWriter which is passed to other methods. The instance-wide "out" field should be removed.

      3) Various other fields should be re-coded using the Atomic classes introduced by Java 5. These fields include "logStatus" and "traceStatus". This solution can be implemented if the community votes to approve the sunsetting of JVM 1.4 (currently at the polls).

      Attachments

        1. derby-5328-01-aa-simpleFields.diff
          22 kB
          Richard N. Hillegas
        2. derby-5328-02-aa-synchronized_doget.diff
          0.6 kB
          Kristian Waagan

        Activity

          People

            Unassigned Unassigned
            rhillegas Richard N. Hillegas
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: