changelog.xml

markt Thu, 24 Apr 2014 01:55:30 -0700

Author: markt
Date: Thu Apr 24 08:54:26 2014
New Revision: 1589640

URL: http://svn.apache.org/r1589640
Log:
Avoid memory leak and add small optimisation to default Servlet


Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/STATUS.txt
    
tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1588193,1588197
  Merged /tomcat/tc7.0.x/trunk:r1588199

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 24 08:54:26 2014
@@ -52,11 +52,6 @@ PATCHES PROPOSED TO BACKPORT:
            http://wiki.openssl.org/index.php/FIPS_mode%28%29
   -1:
 
-* Avoid memory leak and add small optimisation to default Servlet
-  http://svn.apache.org/r1588199
-  +1: markt, kkolinko, remm
-  -1:
-
 
 PATCHES/ISSUES THAT ARE STALLED:
 

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java 
(original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java 
Thu Apr 24 08:54:26 2014
@@ -39,6 +39,7 @@ public final class SecurityClassLoad {
         
         loadCorePackage(loader);
         loadLoaderPackage(loader);
+        loadServletsPackage(loader);
         loadSessionPackage(loader);
         loadUtilPackage(loader);
         loadJavaxPackage(loader);
@@ -81,6 +82,18 @@ public final class SecurityClassLoad {
     }
     
     
+    private static final void loadServletsPackage(ClassLoader loader)
+            throws Exception {
+        final String basePackage = "org.apache.catalina.servlets.";
+        // Avoid a possible memory leak in the DefaultServlet when running with
+        // a security manager. The DefaultServlet needs to load an XML parser
+        // when running under a security manager. We want this to be loaded by
+        // the container rather than a web application to prevent a memory leak
+        // via web application class loader.
+        loader.loadClass(basePackage + "DefaultServlet");
+    }
+
+
     private final static void loadSessionPackage(ClassLoader loader)
         throws Exception {
         String basePackage = "org.apache.catalina.";

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java 
Thu Apr 24 08:54:26 2014
@@ -123,8 +123,7 @@ public class DefaultServlet
 
     private static final DocumentBuilderFactory factory;
 
-    private static final SecureEntityResolver secureEntityResolver =
-            new SecureEntityResolver();
+    private static final SecureEntityResolver secureEntityResolver;
 
 
     // ----------------------------------------------------- Instance Variables
@@ -232,9 +231,15 @@ public class DefaultServlet
         urlEncoder.addSafeCharacter('*');
         urlEncoder.addSafeCharacter('/');
 
-        factory = DocumentBuilderFactory.newInstance();
-        factory.setNamespaceAware(true);
-        factory.setValidating(false);
+        if (Globals.IS_SECURITY_ENABLED) {
+            factory = DocumentBuilderFactory.newInstance();
+            factory.setNamespaceAware(true);
+            factory.setValidating(false);
+            secureEntityResolver = new SecureEntityResolver();
+        } else {
+            factory = null;
+            secureEntityResolver = null;
+        }
     }
 
 

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Apr 24 08:54:26 2014
@@ -87,6 +87,10 @@
         reverts all the operations performed when adding an MBean notification
         listener. (markt)
       </fix>
+      <fix>
+        Only create XML parsing objects if required and fix associated 
potential
+        memory leak in the default Servlet. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1589640 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/catalina/security/SecurityClassLoad.java java/org/apache/catalina/servlets/DefaultServlet.java webapps/docs/changelog.xml

Reply via email to