Double use exposure in JAXBDataSource
-------------------------------------
Key: TUSCANY-3065
URL: https://issues.apache.org/jira/browse/TUSCANY-3065
Project: Tuscany
Issue Type: Bug
Components: Java SCA Data Binding Runtime
Reporter: Greg Dritschler
There is a potential double use of a Marshaller object in
org.apache.tuscany.sca.databinding.jaxb.axiom.JAXBDataSource.
The following code gets a marshaller from an underlying pool and then caches it.
private Marshaller getMarshaller() throws JAXBException {
if (marshaller == null) {
// For thread safety, not sure we can cache the marshaller
marshaller = JAXBContextHelper.getMarshaller(context);
}
return marshaller;
}
The code which calls this method also releases the Marshaller back to the pool.
For example:
public void serialize(final OutputStream output, OMOutputFormat format)
throws XMLStreamException {
try {
// marshaller.setProperty(Marshaller.JAXB_ENCODING,
format.getCharSetEncoding());
AccessController.doPrivileged(new
PrivilegedExceptionAction<Object>() {
public Object run() throws Exception {
try {
Marshaller marshaller = getMarshaller();
marshaller.marshal(element, output);
} finally {
releaseMarshaller(marshaller);
}
return null;
}
});
} catch (PrivilegedActionException e) {
throw new XMLStreamException(e.getException());
}
}
So after this method runs, the member variable marshaller contains a reference
to an element in the free pool. If another thread obtains that element, there
is a potential of double use.
Proposed fix:
- Delete member variable marshaller.
- Change getMarshaller to just return the Marshaller obtained from
JAXBContextHelper without saving it.
- Change all callers of getMarshaller/releaseMarshaller to use local variables.
You'll note there's a local variable in the "try" paths, but then the
"finally" paths use the member variable. Both the try and finally should use
the same local variable.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
