[jira] Commented: (TUSCANY-3065) Double use exposure in JAXBDataSource

[Scott Kurz (JIRA)]

    [ 
https://issues.apache.org/jira/browse/TUSCANY-3065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12714251#action_12714251
 ] 

Scott Kurz commented on TUSCANY-3065:
-------------------------------------

Thanks Greg for the detailed writeup.   Made these changes and committed in 
r779808 in 1.x.    (I didn't have permissions to assign the JIRA to myself 
first though.)

> Double use exposure in JAXBDataSource
> -------------------------------------
>
>                 Key: TUSCANY-3065
>                 URL: https://issues.apache.org/jira/browse/TUSCANY-3065
>             Project: Tuscany
>          Issue Type: Bug
>          Components: Java SCA Data Binding Runtime
>            Reporter: Greg Dritschler
>
> There is a potential double use of a Marshaller object in 
> org.apache.tuscany.sca.databinding.jaxb.axiom.JAXBDataSource.
> The following code gets a marshaller from an underlying pool and then caches 
> it.
>     private Marshaller getMarshaller() throws JAXBException {
>         if (marshaller == null) {
>             // For thread safety, not sure we can cache the marshaller
>             marshaller = JAXBContextHelper.getMarshaller(context);
>         }
>         return marshaller;
>     }
> The code which calls this method also releases the Marshaller back to the 
> pool.  For example:
>     public void serialize(final OutputStream output, OMOutputFormat format) 
> throws XMLStreamException {
>         try {
>             // marshaller.setProperty(Marshaller.JAXB_ENCODING, 
> format.getCharSetEncoding());
>             AccessController.doPrivileged(new 
> PrivilegedExceptionAction<Object>() {
>                 public Object run() throws Exception {
>                     try {
>                         Marshaller marshaller = getMarshaller();
>                         marshaller.marshal(element, output);
>                     } finally {
>                         releaseMarshaller(marshaller);
>                     }
>                     return null;
>                 }
>             });
>         } catch (PrivilegedActionException e) {
>             throw new XMLStreamException(e.getException());
>         }
>     }
> So after this method runs, the member variable marshaller contains a 
> reference to an element in the free pool.  If another thread obtains that 
> element, there is a potential of double use.
> Proposed fix:
> - Delete member variable marshaller.
> - Change getMarshaller to just return the Marshaller obtained from 
> JAXBContextHelper without saving it.
> - Change all callers of getMarshaller/releaseMarshaller to use local 
> variables.  You'll note there's a local variable in the "try" paths, but then 
> the "finally" paths use the member variable.  Both the try and finally should 
> use the same local variable.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.