joepembe opened a new pull request, #3934:
URL: https://github.com/apache/logging-log4j2/pull/3934

   The `ThrowableStackTraceRenderer` class can throw a `NullPointerException` 
if the suppressed exceptions associated with the `Throwable` it is rendering 
are being concurrently mutated. This happens because 
`ThrowableStackTraceRenderer` invokes `Throwable#getSuppressed()` twice: once 
in `ThrowableStackTraceRenderer.Context.Metadata#populateMetadata()`, and a 
second time in `ThrowableStackTraceRenderer#renderThrowable()`, ahead of 
invoking `ThrowableStackTraceRenderer#renderSuppressed()`. If a racing thread 
manages to add a new suppressed exception to the being-logged exception between 
these two invocations, then the `Map<Throwable, Context.Metadata>` constructed 
by `populateMetadata()` will contain no mapping for the newly-added 
suppression, and as a result the dereference performed on line 168 explodes.
   
   Note: the unit test I am adding here requires the ability to mock 
`Throwable#getSuppressed()`. Since this method is `final`, I had to add a 
dependency on `mockito-inline`, which then required that I fix up some 
unrelated unit tests that had been relying on the lack of support for mocking 
`final` methods.
   
   This fixes #3929
   
   > [!IMPORTANT]  
   > Base your changes on `2.x` branch if you are targeting Log4j 2; use `main` 
otherwise.
   
   ## Checklist
   
   Before we can review and merge your changes, please go through the checklist 
below. If you're still working on some items, feel free to submit your pull 
request as a draft—our CI will help guide you through the remaining steps.
   
   ### ✅ Required checks
   
   - [X] **License**: I confirm that my changes are submitted under the [Apache 
License, Version 2.0](https://apache.org/licenses/LICENSE-2.0).
   - [X] **Commit signatures**: All commits are signed and verifiable. (See 
[GitHub Docs on Commit Signature 
Verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)).
   - [X] **Code formatting**: The code is formatted according to the project’s 
style guide.
     <details>
       <summary>How to check and fix formatting</summary>
   
       - To **check** formatting: `./mvnw spotless:check`
       - To **fix** formatting: `./mvnw spotless:apply`
   
       See [the build 
instructions](https://logging.apache.org/log4j/2.x/development.html#building) 
for details.
     </details>
   - [X] **Build & Test**: I verified that the project builds and all unit 
tests pass.
     <details>
       <summary>How to build the project</summary>
   
       Run: `./mvnw verify`
   
       See [the build 
instructions](https://logging.apache.org/log4j/2.x/development.html#building) 
for details.
     </details>
   
   ### 🧪 Tests (select one)
   
   - [X] I have added or updated tests to cover my changes.
   - [ ] No additional tests are needed for this change.
   
   ### 📝 Changelog (select one)
   
   - [X] I added a changelog entry in `src/changelog/.2.x.x`. (See [Changelog 
Entry File 
Guide](https://logging.apache.org/log4j/tools/log4j-changelog.html#changelog-entry-file)).
   - [ ] This is a trivial change and does not require a changelog entry.
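
The double-read hazard described in this pull request, as an added example that is not code from the PR or from Log4j: a simplified two-pass renderer where `getSuppressed()` is read once per pass, next to a variant that takes a single snapshot and reuses it. The class and method names are hypothetical, and the `Runnable` stands in for the racing thread so the outcome is deterministic.

```java
import java.util.IdentityHashMap;
import java.util.Map;

public class SuppressedSnapshotDemo {
    // Pass 1: record metadata (here just a label) for each suppressed exception.
    static Map<Throwable, String> populateMetadata(Throwable[] suppressed) {
        Map<Throwable, String> metadata = new IdentityHashMap<>();
        for (Throwable s : suppressed) {
            metadata.put(s, s.getClass().getSimpleName());
        }
        return metadata;
    }

    // Pass 2: render each suppressed exception using the metadata from pass 1.
    static String render(Throwable[] suppressed, Map<Throwable, String> metadata) {
        StringBuilder out = new StringBuilder();
        for (Throwable s : suppressed) {
            // Throws NullPointerException if s was not present during pass 1.
            out.append("Suppressed: ").append(metadata.get(s).toUpperCase()).append('\n');
        }
        return out.toString();
    }

    // Racy shape: each pass performs its own getSuppressed() call.
    static String renderWithTwoReads(Throwable t, Runnable betweenPasses) {
        Map<Throwable, String> metadata = populateMetadata(t.getSuppressed());
        betweenPasses.run(); // stands in for a thread calling addSuppressed()
        return render(t.getSuppressed(), metadata);
    }

    // Snapshot shape: getSuppressed() returns a copy, so one read is a stable view.
    static String renderWithSnapshot(Throwable t, Runnable betweenPasses) {
        Throwable[] snapshot = t.getSuppressed();
        Map<Throwable, String> metadata = populateMetadata(snapshot);
        betweenPasses.run();
        return render(snapshot, metadata);
    }

    public static void main(String[] args) {
        Throwable logged = new RuntimeException("being logged"); // constructed sample
        logged.addSuppressed(new IllegalStateException("first"));
        Runnable racer = () -> logged.addSuppressed(new IllegalArgumentException("late"));
        System.out.print(renderWithSnapshot(logged, racer));
        try {
            renderWithTwoReads(logged, racer);
        } catch (NullPointerException e) {
            System.out.println("two reads: NullPointerException on the late suppression");
        }
    }
}
```

The snapshot variant renders only the suppressions that existed at the time of the single read; a suppression added afterwards is omitted from that log event rather than crashing the renderer.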
   

