[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jakarta-commons-dev
Subject:    [jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of h
From:       "Carlos Saona (JIRA)" <jira () apache ! org>
Date:       2015-10-31 16:40:27
Message-ID: JIRA.12909418.1446300951000.116513.1446309627834 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984042#comment-14984042 \
] 

Carlos Saona commented on OGNL-252:
-----------------------------------

Hi, Lukasz. Thanks for the quick reply!

No, I don't think it is related to WW-4113. Reading the description, and looking at \
the code, WW-4113 is about the cache for getters/setters that allows you to get an \
instance of {{Method}} from an instance of {{Class}} and a property name (a String). \
What I described happens afterwards, in the cache for the accessibility of that \
method.

I am afraid that 3.0.12 has the same problem, as does 3.1: \
{{OgnlRuntime.invokeMethod}} uses {{method.hashCode()}} instead of {{method}} as the \
key in {{_methodAccessCache}} and {{_methodPermCache}} :-(

I have also looked at the code in commons-ognl: there the key in the hash is the \
method instance, not its hash. So the problem only impacts 3.x

> OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash \
>                 collisions
> ------------------------------------------------------------------------------------
>  
> Key: OGNL-252
> URL: https://issues.apache.org/jira/browse/OGNL-252
> Project: Commons OGNL
> Issue Type: Bug
> Affects Versions: 3.0
> Reporter: Carlos Saona
> Priority: Critical
> Fix For: 3.0.12
> 
> 
> Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not rendering \
> one attribute of a specific page. It was weird because the other servers were \
> rendering that same page OK, and all had the same software version. Using the \
> debugger, I found out that the problem was that OgnlRuntime.invoke method was \
> throwing IllegalAccessException when invoking a given method by reflection. The \
> difference between the working and non-working servers was that _methodAccessCache \
> had different boolean values for that method. The non-working server failed to \
> force the accessibility of the method because syncInvoke was set to false. \
> Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the hash \
> of the method as a key, instead of the method itself. Therefore if two different \
> methods that have different accessibility have a hash collision in the cache, \
> OgnlRuntime.invokeMethod will throw an IllegalAccessException if the one that is \
> accessible is cached before the one that is not. I think this could be fixed by \
> using the method itself as the map key, instead of its hash value. Browsing the \
> changelog, I saw that at least since 3.0.9 IntHashMap has been replaced with \
> ConcurrentHashMap, so the change would be quite straightforward.  If you agree with \
> the diagnostic, I volunteer to fork and submit a pull request.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[prev in list] [next in list] [prev in thread] [next in thread]