svn commit: r1726202 - in /tomcat/trunk: java/org/apache/catalina/util/CustomObjectInputStream.java webapps/docs/changelog.xml

Fri, 22 Jan 2016 04:58:35 -0800 

Author: markt
Date: Fri Jan 22 12:58:14 2016
New Revision: 1726202

URL: http://svn.apache.org/viewvc?rev=1726202&view=rev
Log:
WeakHashMap isn't thread safe.

Modified:
    tomcat/trunk/java/org/apache/catalina/util/CustomObjectInputStream.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/util/CustomObjectInputStream.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/CustomObjectInputStream.java?rev=1726202&r1=1726201&r2=1726202&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/util/CustomObjectInputStream.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/util/CustomObjectInputStream.java Fri 
Jan 22 12:58:14 2016
@@ -107,10 +107,16 @@ public final class CustomObjectInputStre
         }
         this.warnOnFailure = warnOnFailure;
 
-        Set<String> reportedClasses = reportedClassCache.get(classLoader);
+        Set<String> reportedClasses;
+        synchronized (reportedClassCache) {
+            reportedClasses = reportedClassCache.get(classLoader);
+        }
         if (reportedClasses == null) {
             reportedClasses = Collections.newSetFromMap(new 
ConcurrentHashMap<>());
-            Set<String> original = reportedClassCache.putIfAbsent(classLoader, 
reportedClasses);
+            Set<String> original;
+            synchronized (reportedClassCache) {
+                original = reportedClassCache.putIfAbsent(classLoader, 
reportedClasses);
+            }
             if (original != null) {
                 // Concurrent attempts to create the new Set. Make sure all
                 // threads use the first successfully added Set.

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1726202&r1=1726201&r2=1726202&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jan 22 12:58:14 2016
@@ -51,6 +51,10 @@
         Protect initialization of <code>ResourceLinkFactory</code> when
         running with a SecurityManager. (kkolinko)
       </fix>
+      <fix>
+        Correct a thread safety issue in the filtering of session attributes
+        based on the implementing class name of the value object. (markt)
+      </fix>
     </changelog>
   </subsection>
 </section>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to