Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-556

WeakHashMap cache cause infinite loop

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Java 2.1.4
    • Java 2.1.6, Java 2.2.1
    • Java
    • None

    Description

      Hi Santuario Team,

      I have encountered what I believe is an infinite loop in WeakHashMap.get() caused by non-synchronized access of the WeakHashMap cache in org.apache.xml.security.stax.impl.transformer.canonicalizer.CanonicalizerBase.

      WeakHashMap, not being thread-safe, can cause threads spinning in infinite loops if accessed concurrently.

      Observed multiple threads with identical stacktraces:

       

      Thread 36 (Daemon): RoutingHandler
Type: java.lang.Thread
Group: main <- system
State: RUNNABLE
CPU: 1%
Details:
Thread Pool: WorkerThreads:SYSTEM
Current State: Running
State Duration: 01h 34m 41s 941ms
Stack Trace:
java.util.WeakHashMap.put(WeakHashMap.java:453)
org.apache.xml.security.c14n.implementations.UtfHelpper.writeByte(UtfHelpper.java:51)
org.apache.xml.security.stax.impl.transformer.canonicalizer.CanonicalizerBase.outputAttrToWriter(CanonicalizerBase.java:408)
org.apache.xml.security.stax.impl.transformer.canonicalizer.CanonicalizerBase.transform(CanonicalizerBase.java:303)
org.apache.xml.security.stax.impl.transformer.TransformIdentity$2.transform(TransformIdentity.java:132)
org.apache.xml.security.stax.impl.transformer.TransformIdentity.transform(TransformIdentity.java:174)
org.apache.xml.security.stax.impl.transformer.TransformEnvelopedSignature.transform(TransformEnvelopedSignature.java:69)
org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor$InternalSignatureReferenceVerifier.processEvent(AbstractSignatureReferenceVerifyInputProcessor.java:443)
org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor$InternalSignatureReferenceVerifier.processNextEvent(AbstractSignatureReferenceVerifyInputProcessor.java:436)
org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:188)
org.apache.xml.security.stax.impl.processor.input.XMLSecurityInputProcessor.processNextEvent(XMLSecurityInputProcessor.java:76)
org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:188)
org.apache.xml.security.stax.impl.XMLSecurityStreamReader.next(XMLSecurityStreamReader.java:76)
...
removed non-santuario stack frames

       

       

       

       

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            johan106 Johan Andersson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: