Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.7.1
-
None
-
Security Level: No security risk; visible to anyone (Ordinary problems in Xalan projects. Anybody can view the issue.)
-
None
Description
XPathExpressionImpl is not thread safe (unsafe use of static DocumentBuilder object instance).
See code snippet from XPathExpressionImpl below (note the use of the static db member and the fact that evaluate could be called for different XPathExpressionImpl instances simultaneously):
static DocumentBuilderFactory dbf = null;
static DocumentBuilder db = null;
static Document d = null;
public Object evaluate(InputSource source, QName returnType)
throws XPathExpressionException {
if ( ( source == null ) || ( returnType == null ) )
// Checking if requested returnType is supported. returnType need to be
// defined in XPathConstants
if ( !isSupported ( returnType ) ) {
String fmsg = XSLMessages.createXPATHMessage(
XPATHErrorResources.ER_UNSUPPORTED_RETURN_TYPE,
new Object[]
);
throw new IllegalArgumentException ( fmsg );
}
try {
if ( dbf == null )
db = dbf.newDocumentBuilder();
Document document = db.parse( source );
return eval( document, returnType );
} catch ( Exception e )
}
Exception looks like:
Caused by: javax.xml.xpath.XPathExpressionException
at org.apache.xpath.jaxp.XPathExpressionImpl.evaluate(XPathExpressionImpl.java:298)
at org.apache.xpath.jaxp.XPathExpressionImpl.evaluate(XPathExpressionImpl.java:325)
at test.TestXalanXPath$Runner.run(TestXalanXPath.java:49)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.xml.sax.SAXException: FWK005 parse may not be called while parsing.
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at org.apache.xpath.jaxp.XPathExpressionImpl.evaluate(XPathExpressionImpl.java:295)
... 5 more