Author: markt
Date: Mon Aug 21 15:24:42 2017
New Revision: 1805645

URL: http://svn.apache.org/viewvc?rev=1805645&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424
The trick to avoid the relatively slow ClassNotFoundException has another edge case that can trigger a StackOverflowError. Switch to a general fix that handles the known edge cases and should handle as yet unknown edge cases.
Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1805645&r1=1805644&r2=1805645&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Mon Aug 21 15:24:42 2017 @@ -1175,8 +1175,14 @@ public abstract class WebappClassLoaderB // https://bz.apache.org/bugzilla/show_bug.cgi?id=58125 for // details) when running under a security manager in rare cases // this call may trigger a ClassCircularityError. + // See https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 for + // details of how this may trigger a StackOverflowError + // Given these reported errors, catch Throwable to ensure any + // other edge cases are also caught tryLoadingFromJavaseLoader = (javaseLoader.getResource(resourceName) != null); - } catch (ClassCircularityError cce) { + } catch (Throwable t) { + // Swallow all exceptions apart from those that must be re-thrown + ExceptionUtils.handleThrowable(t); // The getResource() trick won't work for this class. We have to // try loading it directly and accept that we might get a // ClassNotFoundException. Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805645&r1=1805644&r2=1805645&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 15:24:42 2017 
@@ -64,6 +64,11 @@ warning about not being able to read a logging configuration file when that file does not exist. (markt) </fix> + <fix> + <bug>61424</bug>: Avoid a possible <code>StackOverflowError</code> when + running under a <code>SecurityManager</code> and using + <code>Subject.doAs()</code>. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
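Review bot: in the new `catch (Throwable t)` block of WebappClassLoaderBase.java, the error this commit targets is a StackOverflowError, which is a subclass of VirtualMachineError, so the fix only holds if `ExceptionUtils.handleThrowable(t)` does not re-throw it. The added comment "Swallow all exceptions apart from those that must be re-thrown" does not say which types those are; please name them there and state that StackOverflowError is swallowed, so a later change to the helper cannot silently undo this fix. Separately, the catch now hides every Throwable raised by `javaseLoader.getResource(resourceName)` and falls back to direct loading with no trace; a note in the comment on why nothing is logged at this point would help whoever has to diagnose the next unknown edge case.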
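Review bot: the new `<fix>` entry for bug 61424 in changelog.xml describes only the StackOverflowError seen under a SecurityManager with `Subject.doAs()`, while the code change in the same commit widens the catch from ClassCircularityError to Throwable. Consider adding a clause saying that any error from the `getResource()` check is now tolerated, so the changelog records the broader behaviour change and not just the one reported symptom.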