https://bz.apache.org/bugzilla/show_bug.cgi?id=69995
Bug ID: 69995
Summary: Jasper generates _jspx_dependants entries in non-deterministic HashMap iteration order, breaking reproducible builds
Product: Tomcat 9
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: -----
Created attachment 40164
--> https://bz.apache.org/bugzilla/attachment.cgi?id=40164&action=edit
Proposed diffs
PageInfo stores the dependants map (populated as <%@ include file="..." %>
directives are parsed) in a java.util.HashMap. Because HashMap does not
preserve insertion order, the iteration order when Generator emits the
_jspx_dependants.put() calls into the static initializer of the generated
servlet varies across JVM runs. This means two compilations of the same JSP can
produce bytecode with a different initialization sequence, violating
reproducible-build requirements.
Steps to reproduce:
1. Create a JSP with multiple static includes, e.g.:
     <%@ include file="a.jspf" %>
     <%@ include file="b.jspf" %>
     <%@ include file="c.jspf" %>
2. Compile the JSP multiple times.
3. Compare the generated _jsp.java files: the order of _jspx_dependants.put()
   calls may differ between runs.
Expected behavior: The _jspx_dependants.put() calls appear in the same order as
the <%@ include %> directives in the source JSP.
Actual behavior: The calls appear in unpredictable HashMap iteration order,
producing non-reproducible output.
Fix: Change the dependants field in PageInfo from HashMap to LinkedHashMap so
that insertion order (i.e. directive source order) is preserved. Change the
corresponding new java.util.HashMap in the Generator static-initializer
emission to new java.util.LinkedHashMap for consistency.
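Added example, not part of the original report or of Tomcat: a small check for step 3 above that compares the generated sources of two compilations and tells an ordering-only difference in the _jspx_dependants.put() calls apart from any other difference. The function names, the sample initializer and its timestamps are constructed for illustration; the script assumes one put() call per line.

```python
import re

# Captures the include path, the first string argument of each emitted call.
# Assumption: one put() call per line; the rest of the call is not parsed.
PUT_CALL = re.compile(r'_jspx_dependants\.put\(\s*"((?:[^"\\]|\\.)*)"')


def split_source(java_source):
    """Split one generated source into (put() lines, all other lines)."""
    puts, rest = [], []
    for line in java_source.splitlines():
        if PUT_CALL.search(line):
            puts.append(line.strip())
        else:
            rest.append(line)
    return puts, rest


def dependants_order(java_source):
    """Include paths in the order their put() calls are emitted."""
    return [PUT_CALL.search(p).group(1) for p in split_source(java_source)[0]]


def classify(build_a, build_b, directive_order=None):
    """Compare the generated sources of two compilations of the same JSP."""
    if build_a == build_b:
        # Reproducible, but the report also expects directive (source) order.
        if directive_order is not None and dependants_order(build_a) != list(directive_order):
            return "not-source-order"
        return "identical"
    puts_a, rest_a = split_source(build_a)
    puts_b, rest_b = split_source(build_b)
    if rest_a == rest_b and puts_a != puts_b and sorted(puts_a) == sorted(puts_b):
        return "dependants-order-only"  # same entries, different sequence
    return "other-difference"


def sample(paths):
    """Constructed stand-in for a generated static initializer (made-up values)."""
    calls = "".join(
        '    _jspx_dependants.put("%s", Long.valueOf(1700000000000L));\n' % p
        for p in paths)
    return "static {\n" + calls + "}\n"


if __name__ == "__main__":
    run1 = sample(["/a.jspf", "/b.jspf", "/c.jspf"])
    run2 = sample(["/c.jspf", "/a.jspf", "/b.jspf"])
    print(classify(run1, run2))
    print(classify(run2, run2, ["/a.jspf", "/b.jspf", "/c.jspf"]))
```

In a build pipeline, pass the contents of the two generated _jsp.java files to classify() and fail the job on anything other than "identical".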