[
https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984042#comment-14984042
]
Carlos Saona commented on OGNL-252:
-----------------------------------
Hi, Lukasz. Thanks for the quick reply!
No, I don't think it is related to WW-4113. Reading the description, and
looking at the code, WW-4113 is about the cache for getters/setters that allows
you to get an instance of {{Method}} from an instance of {{Class}} and a
property name (a String). What I described happens afterwards, in the cache for
the accessibility of that method.
I am afraid that 3.0.12 has the same problem, as does 3.1:
{{OgnlRuntime.invokeMethod}} uses {{method.hashCode()}} instead of {{method}}
as the key in {{_methodAccessCache}} and {{_methodPermCache}} :-(
I have also looked at the code in commons-ognl: there the key in the hash is
the method instance, not its hash. So the problem only impacts 3.x
> OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash
> collisions
> ------------------------------------------------------------------------------------
>
> Key: OGNL-252
> URL: https://issues.apache.org/jira/browse/OGNL-252
> Project: Commons OGNL
> Issue Type: Bug
> Affects Versions: 3.0
> Reporter: Carlos Saona
> Priority: Critical
> Fix For: 3.0.12
>
>
> Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not
> rendering one attribute of a specific page. It was weird because the other
> servers were rendering that same page OK, and all had the same software
> version.
> Using the debugger, I found out that the problem was that OgnlRuntime.invoke
> method was throwing IllegalAccessException when invoking a given method by
> reflection. The difference between the working and non-working servers was
> that _methodAccessCache had different boolean values for that method. The
> non-working server failed to force the accessibility of the method because
> syncInvoke was set to false.
> Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the
> hash of the method as a key, instead of the method itself. Therefore if two
> different methods that have different accessibility have a hash collision in
> the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if
> the one that is accessible is cached before the one that is not.
> I think this could be fixed by using the method itself as the map key,
> instead of its hash value. Browsing the changelog, I saw that at least since
> 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change
> would be quite straightforward.
> If you agree with the diagnostic, I volunteer to fork and submit a pull
> request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
