https://issues.apache.org/bugzilla/show_bug.cgi?id=44956
--- Comment #2 from Giedrius Noreikis <[EMAIL PROTECTED]> 2008-05-13 16:23:53
PST ---
According to my tests, removing this line fixes the problem.
If more radical changes are undesirable due to a higher risk, to prevent such
bugs in future I would propose at least making that nullList final and
unmodifiable:
static final List nullList;
static {
List list = new ArrayList();
list.add(null);
nullList = Collections.unmodifiableList(list);
}
BTW, currently I'm working on a project using xmlsec library, and I have to fix
such issues anyway (just made own build).. So, in case you need help, I could
contribute more, by fixing bugs I've found, for example.
(In reply to comment #1)
> I'd like Raul to comment on this one, since I think this is part of his
> performance improvement changes. It seems that if we just removed line 123
> of KeyInfo.java, it would fix the problem:
> _storageResolvers.add(null);
> If there is a simple, low-risk fix then I am open to adding this to 1.4.2.
> (In reply to comment #0)
> > We are having problems with an
> > org.apache.xml.security.signature.XMLSignature
> > instance creation in a multi-threaded environment: sometimes an
> > ArrayIndexOutOfBoundsException is thrown:
> >
> > java.lang.ArrayIndexOutOfBoundsException: 38
> > at java.util.ArrayList.add(Unknown Source)
> > at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
> > at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
> > ...
> >
> > The XMLSignature constructor being used is:
> > public XMLSignature(Element element, String BaseURI)
> >
> > Looking further at the sources I found out that:
> > 1. The KeyInfo constructor being invoked by the XMLSignature constructor
> > must
> > be public KeyInfo(Element element, String BaseURI) (XMLSignature:297).
> > 2. The exact line producing the exception must be
> > _storageResolvers.add(null)
> > (KeyInfo:123).
> > 3. Upon the creation, the _storageResolvers variable of *each* KeyInfo
> > instance
> > holds a reference to the *single* static nullList variable (KeyInfo:1067).
> > Thus, adding null to that list effectively modifies the single shared
> > ArrayList
> > instance, while concurrent access and structural modifications of an
> > ArrayList
> > instance are not allowed.
> > 4. The entire _storageResolvers.add(null) statement seems to be useless and
> > probably could be simply removed.
> > 5. IMHO, such a strange invention :) as that nullList should be evaluated
> > and
> > probably removed as well.
> >
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
