Jody Grassel created OPENJPA-2672: ------------------------------------- Summary: ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability Key: OPENJPA-2672 URL: https://issues.apache.org/jira/browse/OPENJPA-2672 Project: OpenJPA Issue Type: Bug Components: lib Affects Versions: 2.2.3 Reporter: Jody Grassel Assignee: Jody Grassel
The following block in the loadGlobals() method: // let system properties override other globals try { fromProperties(new HashMap( AccessController.doPrivileged( J2DoPrivHelper.getPropertiesAction()))); retrieves a Properties object from System.getProperties(), which is passed to HashMap's ctor. The ctor interacts with an enumerator associated with the Properties object to populate the new HashMap instance. However, if another thread mutates the JVM's System Properties, it can result in a ConcurrentModificationException as observed below: Caused by: java.util.ConcurrentModificationException at java.util.Hashtable$Enumerator.next(Hashtable.java:1256) at java.util.HashMap.putAllForCreate(HashMap.java:566) at java.util.HashMap.<init>(HashMap.java:310) at org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189) -- This message was sent by Atlassian JIRA (v6.3.4#6332)