Bug 62278

Summary: User session are mixed up after internal exceptions
Product: Tomcat 8 Reporter: Dmitry Treskunov <dmitry.treskunov>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED INVALID    
Severity: normal    
Priority: P2    
Version: 8.5.23   
Target Milestone: ----   
Hardware: PC   
OS: All   

Description Dmitry Treskunov 2018-04-10 11:46:48 UTC
We faced an issue when one user became logged in as another one. 
I suppose that Tomcat may mix up responses and return session cookie to the wrong request.
 
It seems that it may be related to the following errors occured at the same time:

java.lang.NullPointerException
 at org.apache.coyote.http11.Http11OutputBuffer$SocketOutputBuffer.doWrite(Http11OutputBuffer.java:644)
 at org.apache.coyote.http11.filters.ChunkedOutputFilter.doWrite(ChunkedOutputFilter.java:126)
 at org.apache.coyote.http11.Http11OutputBuffer.doWrite(Http11OutputBuffer.java:235)
 at org.apache.coyote.Response.doWrite(Response.java:541)
 at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:351)
 at org.apache.catalina.connector.OutputBuffer.appendByteArray(OutputBuffer.java:785)
 at org.apache.catalina.connector.OutputBuffer.append(OutputBuffer.java:714)
 at org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:391)
 at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:369)
 at org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:96)
 at jetbrains.buildServer.vcs.patches.PatchStreamUtil.writeBinary(PatchStreamUtil.java:76)
 at jetbrains.buildServer.util.TCStreamUtil.writeBinary(TCStreamUtil.java:37)
 at jetbrains.buildServer.util.FileUtil.copyStreamRangeAndClose(FileUtil.java:783)
 at jetbrains.buildServer.controllers.HttpDownloadProcessor.processDownload(HttpDownloadProcessor.java:306)
 at jetbrains.buildServer.controllers.HttpDownloadProcessor.processFileDownload(HttpDownloadProcessor.java:100)
 at jetbrains.buildServer.web.plugins.agent.AgentPluginsController.doHandle(AgentPluginsController.java:95)
 at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:101)
 at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:174)
 at jetbrains.buildServer.controllers.BaseController.handleRequest(BaseController.java:80)
 at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
 at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.processedByMainServlet(TeamCityDispatcherServlet.java:130)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:115)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.jsp.JspPrecompilerFilter.doFilter(JspPrecompilerFilter.java:73)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.DisableSessionIdFromUrlFilter.doFilter(DisableSessionIdFromUrlFilter.java:21)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:107)
 at jetbrains.buildServer.diagnostic.web.DiagnosticFilter.doFilter(DiagnosticFilter.java:79)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.DependencyParametersCalculationContextFilter.doFilter(DependencyParametersCalculationContextFilter.java:37)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:38)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.CSRFFilter.doFilter(CSRFFilter.java:103)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73)
 at jetbrains.buildServer.web.DelegatingFilter.doFilter(DelegatingFilter.java:53)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:37)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.DisableBrowserCacheFilter.doFilter(DisableBrowserCacheFilter.java:20)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
 at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:748) 

java.lang.NullPointerException
 at org.apache.catalina.connector.Request.notifyAttributeAssigned(Request.java:1555)
 at org.apache.catalina.connector.Request.setAttribute(Request.java:1541)
 at org.apache.catalina.connector.RequestFacade.setAttribute(RequestFacade.java:540)
 at org.apache.catalina.core.ApplicationHttpRequest.setAttribute(ApplicationHttpRequest.java:301)
 at jetbrains.buildServer.controllers.interceptors.RequestInterceptors.getRequestStack(RequestInterceptors.java:109)
 at jetbrains.buildServer.controllers.interceptors.RequestInterceptors.postHandle(RequestInterceptors.java:75)
 at org.springframework.web.servlet.HandlerExecutionChain.applyPostHandle(HandlerExecutionChain.java:151)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:974)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
 at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.processedByMainServlet(TeamCityDispatcherServlet.java:130)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:115)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728)
 at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:590)
 at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:524)
 at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:160)
 at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:303)
 at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1286)
 at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1041)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:984)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
 at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.processedByMainServlet(TeamCityDispatcherServlet.java:130)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:115)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.jsp.JspPrecompilerFilter.doFilter(JspPrecompilerFilter.java:73)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.DisableSessionIdFromUrlFilter.doFilter(DisableSessionIdFromUrlFilter.java:21)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:107)
 at jetbrains.buildServer.diagnostic.web.DiagnosticFilter.doFilter(DiagnosticFilter.java:79)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.DependencyParametersCalculationContextFilter.doFilter(DependencyParametersCalculationContextFilter.java:37)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:38)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.CSRFFilter.doFilter(CSRFFilter.java:103)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73)
 at jetbrains.buildServer.web.DelegatingFilter.doFilter(DelegatingFilter.java:53)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:37)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
 at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:748)

java.nio.BufferOverflowException
 at java.nio.DirectByteBuffer.put(DirectByteBuffer.java:363)
 at java.nio.DirectByteBuffer.put(DirectByteBuffer.java:342)
 at sun.nio.ch.IOUtil.write(IOUtil.java:60)
 at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:471)
 at org.apache.tomcat.util.net.NioChannel.write(NioChannel.java:134)
 at org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:101)
 at org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:157)
 at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.doWrite(NioEndpoint.java:1267)
 at org.apache.tomcat.util.net.SocketWrapperBase.doWrite(SocketWrapperBase.java:670)
 at org.apache.tomcat.util.net.SocketWrapperBase.writeBlocking(SocketWrapperBase.java:450)
 at org.apache.tomcat.util.net.SocketWrapperBase.write(SocketWrapperBase.java:388)
 at org.apache.coyote.http11.Http11OutputBuffer$SocketOutputBuffer.doWrite(Http11OutputBuffer.java:644)
 at org.apache.coyote.http11.filters.IdentityOutputFilter.doWrite(IdentityOutputFilter.java:119)
 at org.apache.coyote.http11.Http11OutputBuffer.doWrite(Http11OutputBuffer.java:235)
 at org.apache.coyote.Response.doWrite(Response.java:541)
 at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:351)
 at org.apache.catalina.connector.OutputBuffer.appendByteArray(OutputBuffer.java:785)
 at org.apache.catalina.connector.OutputBuffer.append(OutputBuffer.java:714)
 at org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:391)
 at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:369)
 at org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:96)
 at jetbrains.buildServer.vcs.patches.PatchStreamUtil.writeBinary(PatchStreamUtil.java:76)
 at jetbrains.buildServer.util.TCStreamUtil.writeBinary(TCStreamUtil.java:37)
 at jetbrains.buildServer.util.FileUtil.copyStreamRangeAndClose(FileUtil.java:783)
 at jetbrains.buildServer.controllers.HttpDownloadProcessor.processDownload(HttpDownloadProcessor.java:306)
 at jetbrains.buildServer.controllers.HttpDownloadProcessor.processFileDownload(HttpDownloadProcessor.java:100)
 at jetbrains.buildServer.web.plugins.agent.AgentPluginsController.doHandle(AgentPluginsController.java:95)
 at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:101)
 at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:174)
 at jetbrains.buildServer.controllers.BaseController.handleRequest(BaseController.java:80)
 at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
 at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.processedByMainServlet(TeamCityDispatcherServlet.java:130)
 at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:115)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.jsp.JspPrecompilerFilter.doFilter(JspPrecompilerFilter.java:73)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.DisableSessionIdFromUrlFilter.doFilter(DisableSessionIdFromUrlFilter.java:21)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:107)
 at jetbrains.buildServer.diagnostic.web.DiagnosticFilter.doFilter(DiagnosticFilter.java:79)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.DependencyParametersCalculationContextFilter.doFilter(DependencyParametersCalculationContextFilter.java:37)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:38)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at jetbrains.buildServer.web.CSRFFilter.doFilter(CSRFFilter.java:103)
 at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
 at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73)
 at jetbrains.buildServer.web.DelegatingFilter.doFilter(DelegatingFilter.java:53)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:37)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at jetbrains.buildServer.web.DisableBrowserCacheFilter.doFilter(DisableBrowserCacheFilter.java:20)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
 at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:748)
Comment 1 Dmitry Treskunov 2018-04-10 13:52:13 UTC
At least it's not clear what can cause the NPE and BufferOverflowException errors, we saw a number of them during a very short period.
Comment 2 Remy Maucherat 2018-04-12 08:18:34 UTC
The two NPEs seem to be related to use of recycled objects or concurrent use of some sort (the buffer overflow). One of the NPEs has been "fixed" as it affected a legitimate use. There are no indications of a Tomcat problem overall nor a way to reproduce it, so nothing to do.

However, as there are security implications, this sort of BZ should never be filed as it is right here. When/if you find a specific problem with a way to reproduce, you should file a BZ if there are no security implications, or post to the security mailing list if there is.
Comment 3 Dmitry Treskunov 2018-04-12 10:19:32 UTC
Hi, 

It doesn't reproduce easily, right. 

But this NPEs are thrown from the objects which are not supposed to be used in the current state, i.e. were recycled.

Why were the objects recycled while the request was not complete?