neboskreb opened a new issue, #3639:
URL: https://github.com/apache/logging-log4j2/issues/3639
Allow disabling the optimization for filling the stack traces
## Description
Utility `PrivateSecurityManagerStackTraceUtil` offers an optimized way to
fill the stack traces. For this it uses `SecurityManager.getClassContext()`
which is faster.
Unfortunately, it is not always possible. On Android security managers are
not used. Though class `SecurityManager` is present in the classpath, it
contains just stubs; hence the array returned from `getClassContext()` is
always null.
This results in an NPE when Log4J tries to use it to fill the
stack trace.
Fortunately, Log4J library will first check `isEnabled()` before using this
optimization.
## Configuration
**Version:** 2.24.3
**Operating system:** Android
**JDK:** not relevant
## Logs
Not relevant
## Reproduction
Just log an arbitrary exception:
```java
log.warn("test", new Exception());
```
## Solution
For now, the proposed remedy is to allow the developer on Android to
explicitly disable this optimization.
A bigger problem is coming later, as `java.lang.SecurityManager` is
deprecated and marked for removal. Once it is removed, the
`PrivateSecurityManagerStackTraceUtil` (who internally extends
`SecurityManager`) will start failing to load on Android. That will require a
better mechanism to exclude this optimization from the execution path.
## Action points
* **To fix the immediate problem:** review and merge the proposed PR #3638
* **For the longer perspective:** consider options for the case when class
`SecurityManager` is missing in runtime
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
