Groovy
  1. Groovy
  2. GROOVY-6456

AbstractHttpServlet.applyResourceNameMatcher race condition

    Details

      Description

      groovy.servlet.AbstractHttpServlet#applyResourceNameMatcher uses java.util.regex.Matcher object in this way:

      matcher.reset(uri);

      but Matcher is NOT ThreadSafe!

      javadoc:
      Instances of this class are not safe for use by multiple concurrent threads.

      Pattern class IS thread safe.

      stacktrace from bug demo
      2013-12-01 23:36:50.009:WARN:oejs.ServletHandler:/1Test.groovy
      java.lang.IndexOutOfBoundsException: start 0, end -1, s.length() 14
      at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:476)
      at java.lang.StringBuffer.append(StringBuffer.java:309)
      at java.util.regex.Matcher.appendReplacement(Matcher.java:839)
      at java.util.regex.Matcher.replaceAll(Matcher.java:906)
      at groovy.servlet.AbstractHttpServlet.applyResourceNameMatcher(AbstractHttpServlet.java:303)
      at groovy.servlet.AbstractHttpServlet.getScriptUri(AbstractHttpServlet.java:290)
      at groovy.servlet.GroovyServlet.service(GroovyServlet.java:105)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Jochen Theodorou
            Reporter:
            Andrew P Fink
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development