https://issues.apache.org/bugzilla/show_bug.cgi?id=49685
Summary: Unsafe synchronization in class ManagedBean
Product: Tomcat 7
Version: 7.0.0
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Modules: tomcat-lite
AssignedTo: dev@tomcat.apache.org
ReportedBy: feng_yu_...@hotmail.com
Class ManagedBean has eneffectiv code as follow:
public void addNotification(NotificationInfo notification) {
synchronized (notifications) {
NotificationInfo results[] =
new NotificationInfo[notifications.length + 1];
System.arraycopy(notifications, 0, results, 0,
notifications.length);
results[notifications.length] = notification;
notifications = results;
this.info = null;
}
}
In this case, the object of notifications has been changed in the synchronized
block. this may cause two threads synchronizing on different objects. If thread
A and B access this method concurrently, and thread A execute the code "
notifications = results; " earlier and then finished while thread B is still
not finished. At the same time, Thread C access this method, then C will hold
the different lock instance as Thread B. This is dangerous.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
