Re: Infinite Loop due to inconsistent hashmap, in ApacheXMLSecurityJava XMLUtil.class

Tue, 12 Jan 2010 14:02:25 -0800

We usually have 1-2 releases a year. I don't believe there is any time table for the next release.
The fix for this is very simple and in the meantime you could create a patch and just replace the XMLUtils.class in your xmlsec.jar: 

$ svn diff -r792509  XMLUtils.java
Index: XMLUtils.java
===================================================================
--- XMLUtils.java       (revision 792509)
+++ XMLUtils.java       (working copy)
@@ -227,7 +227,8 @@


    static  String dsPrefix=null;
-   static Map namePrefixes=new HashMap();

+   private static Map namePrefixes= 
java.util.Collections.synchronizedMap(new HashMap());

+
    /**
     * Creates an Element in the XML Signature specification namespace.
     *

--Sean

ArunaGanesan wrote:

When is the next release? We are using this jar in a production system and it
would be easier for us to download it from a stable release, than applying
the patch and getting it reviewed.

Aruna

Colm O hEigeartaigh wrote:

This has already been fixed and will be in the next release:

https://issues.apache.org/bugzilla/show_bug.cgi?id=47779

Colm.

-----Original Message-----

From: ArunaGanesan [mailto:aruna...@gmail.com] 
Sent: 12 January 2010 11:07

To: security-dev@xml.apache.org
Subject: Infinite Loop due to inconsistent hashmap, in
ApacheXMLSecurityJava XMLUtil.class


We are using WSS4J, AxisJ and ApacheXMLSecurityJava for contacting a
webservice using SOAP. One of our tool makes parallel SOAP requests to
this
web service. This tool runs on a m/c with 32 virtual processors.

We were running into a process block a way too often.We did a jstack on
the

process and the process seem to be doing this. 
at java.util.HashMap.get(HashMap.java:303)

at
org.apache.xml.security.utils.XMLUtils.createElementInSignatureSpace(Unk
nown
Source)

Everytime we get the same jstack when the process stops making progress.

At this point, the process stops and the CPU starts spiking.

When we looked at the XMLUtils code, we found that the class is not
thread
safe.
There is a hashmap namePrefixes that is used without synchronization.
It
seems that a hashmap without synchronization can cause infinite loop
 http://lightbody.net/blog/2005/07/hashmapget_can_cause_an_infini.html

Since the hash map used in the class is a static object, we guess the
hash

map is left in an inconsistent state. 


Is there any solution available so that we can get rid of this infinite
loop.
--
View this message in context:
http://old.nabble.com/Infinite-Loop-due-to-inconsistent-hashmap%2C-in-Ap
acheXMLSecurityJava-XMLUtil.class-tp27125974p27125974.html
Sent from the Apache XML - Security - Dev mailing list archive at
Nabble.com.





























					Reply via email to