[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions

Mon, 02 Nov 2015 11:15:07 -0800 

    [ 
https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985820#comment-14985820
 ] 

Carlos Saona commented on OGNL-252:
-----------------------------------

Yes, that's what I think

> OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash 
> collisions
> ------------------------------------------------------------------------------------
>
>                 Key: OGNL-252
>                 URL: https://issues.apache.org/jira/browse/OGNL-252
>             Project: Commons OGNL
>          Issue Type: Bug
>    Affects Versions: 3.0
>            Reporter: Carlos Saona
>            Priority: Critical
>             Fix For: 3.0.12
>
>
> Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not 
> rendering one attribute of a specific page. It was weird because the other 
> servers were rendering that same page OK, and all had the same software 
> version.
> Using the debugger, I found out that the problem was that OgnlRuntime.invoke 
> method was throwing IllegalAccessException when invoking a given method by 
> reflection. The difference between the working and non-working servers was 
> that _methodAccessCache had different boolean values for that method. The 
> non-working server failed to force the accessibility of the method because 
> syncInvoke was set to false.
> Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the 
> hash of the method as a key, instead of the method itself. Therefore if two 
> different methods that have different accessibility have a hash collision in 
> the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if 
> the one that is accessible is cached before the one that is not.
> I think this could be fixed by using the method itself as the map key, 
> instead of its hash value. Browsing the changelog, I saw that at least since 
> 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change 
> would be quite straightforward. 
> If you agree with the diagnostic, I volunteer to fork and submit a pull 
> request.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to