[ 
https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15566189#comment-15566189
 ] 

ASF subversion and git services commented on OPENJPA-2672:
----------------------------------------------------------

Commit 1764316 from [~fyrewyld] in branch 'openjpa/trunk'
[ https://svn.apache.org/r1764316 ]

OPENJPA-2672: ConfigurationImpl.loadGlobals() has 
java.util.ConcurrentModificationException vulnerability

> ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException 
> vulnerability
> -------------------------------------------------------------------------------------------
>
>                 Key: OPENJPA-2672
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-2672
>             Project: OpenJPA
>          Issue Type: Bug
>          Components: lib
>    Affects Versions: 2.2.3
>            Reporter: Jody Grassel
>            Assignee: Jody Grassel
>             Fix For: 2.2.3, 3.0.0
>
>         Attachments: OPENJPA_22X-2672.patch
>
>
> The following block in the loadGlobals() method:
>         // let system properties override other globals
>         try {
>             fromProperties(new HashMap(
>                 AccessController.doPrivileged(
>                     J2DoPrivHelper.getPropertiesAction())));
> retrieves a Properties object from System.getProperties(), which is passed to 
> HashMap's ctor.  The ctor interacts with an enumerator associated with the 
> Properties object to populate the new HashMap instance.  However, if another 
> thread mutates the JVM's System Properties, it can result in a 
> ConcurrentModificationException as observed below:
> Caused by: java.util.ConcurrentModificationException
>     at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
>     at java.util.HashMap.putAllForCreate(HashMap.java:566)
>     at java.util.HashMap.<init>(HashMap.java:310)
>     at 
> org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to