svn commit: r1805645 - in /tomcat/trunk: java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Mon Aug 21 15:24:42 2017
New Revision: 1805645

URL: http://svn.apache.org/viewvc?rev=1805645&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424
The trick to avoid the relatively slow ClassNotFoundException has another edge 
case that can trigger a StackOverflowError.
Switch to a general fix that handles the known edge cases and should handle as 
yet unknown edge cases.

Modified:
    tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1805645&r1=1805644&r2=1805645&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Mon 
Aug 21 15:24:42 2017
@@ -1175,8 +1175,14 @@ public abstract class WebappClassLoaderB
                 // https://bz.apache.org/bugzilla/show_bug.cgi?id=58125 for
                 // details) when running under a security manager in rare cases
                 // this call may trigger a ClassCircularityError.
+                // See https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 for
+                // details of how this may trigger a StackOverflowError
+                // Given these reported errors, catch Throwable to ensure any
+                // other edge cases are also caught
                 tryLoadingFromJavaseLoader = 
(javaseLoader.getResource(resourceName) != null);
-            } catch (ClassCircularityError cce) {
+            } catch (Throwable t) {
+                // Swallow all exceptions apart from those that must be 
re-thrown
+                ExceptionUtils.handleThrowable(t);
                 // The getResource() trick won't work for this class. We have 
to
                 // try loading it directly and accept that we might get a
                 // ClassNotFoundException.

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805645&r1=1805644&r2=1805645&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 15:24:42 2017
@@ -64,6 +64,11 @@
         warning about not being able to read a logging configuration file when
         that file does not exist. (markt)
       </fix>
+      <fix>
+        <bug>61424</bug>: Avoid a possible <code>StackOverflowError</code> when
+        running under a <code>SecurityManager</code> and using
+        <code>Subject.doAs()</code>. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org