Jody Grassel created OPENJPA-2672:
-------------------------------------
Summary: ConfigurationImpl.loadGlobals() has
java.util.ConcurrentModificationException vulnerability
Key: OPENJPA-2672
URL: https://issues.apache.org/jira/browse/OPENJPA-2672
Project: OpenJPA
Issue Type: Bug
Components: lib
Affects Versions: 2.2.3
Reporter: Jody Grassel
Assignee: Jody Grassel
The following block in the loadGlobals() method:
// let system properties override other globals
try {
fromProperties(new HashMap(
AccessController.doPrivileged(
J2DoPrivHelper.getPropertiesAction())));
retrieves a Properties object from System.getProperties(), which is passed to
HashMap's ctor. The ctor interacts with an enumerator associated with the
Properties object to populate the new HashMap instance. However, if another
thread mutates the JVM's System Properties, it can result in a
ConcurrentModificationException as observed below:
Caused by: java.util.ConcurrentModificationException
at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
at java.util.HashMap.putAllForCreate(HashMap.java:566)
at java.util.HashMap.<init>(HashMap.java:310)
at
org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
