gnodet commented on PR #1910:
URL: https://github.com/apache/maven-resolver/pull/1910#issuecomment-4651100422
Pushed a fix for the remaining NPE race condition in `IpcClient.send()`.
**Root cause:** The `send()` method read the `output` field multiple times
without holding the same lock as `close(Throwable)`, which nulls the field
under `synchronized(this)`. Between `ensureInitialized()` returning and
reaching `synchronized(output)`, the receiver thread could call
`close(Throwable)` — setting `output = null` — causing a `NullPointerException`
at `output.flush()`.
**Fix:** Capture `output` in a local variable immediately after
`ensureInitialized()`, check it for null (throwing `IOException("Connection
closed")` if the connection was already torn down), and use the local variable
for both the `synchronized` block and all writes within it. This eliminates the
TOCTOU race between the field read and its use.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
