Bug 50554 - Bad use of getClass() could potentially lead to concurrency bugs in future
Status: RESOLVED FIXED
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
Version: trunk
Hardware: All All
Importance: P2 normal
Assigned To: Tomcat Developers Mailing List
Reported: 2011-01-06 14:38 UTC by Mohsen Vakilian
Modified: 2011-01-07 05:32 UTC

Description Mohsen Vakilian 2011-01-06 14:38:25 UTC
The method org.apache.naming.java.javaURLContextFactory.getInitialContext(Hashtable<?,?>) has a synchronized block on getClass(). Using getClass() as a lock is a bug pattern because if some class subclasses javaURLContextFactory and getInitialContext gets called on an instance of such a subclass, getClass() will return a different Class object for that instance. Locking different objects for different classes is usually not the expected behavior. Therefore, I suggest removing this bug pattern by simply replacing getClass() with javaURLContextFactory.class.

See https://www.securecoding.cert.org/confluence/display/java/LCK02-J.+Do+not+synchronize+on+the+class+object+returned+by+getClass%28%29 for more information about this bug pattern.

Keshmesh (https://github.com/reprogrammer/keshmesh/) is an Eclipse plugin that analyzes the source code of Java programs to detect concurrency bug patterns such as the one I reported.
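
The lock mismatch described in the report, as an added example that is not part of the original report or the Tomcat source. `BaseFactory`, `SubFactory` and the method names are hypothetical stand-ins; each method reports whether the calling thread holds the base class monitor while it touches the shared static state.

```java
import java.util.ArrayList;
import java.util.List;

public class GetClassLockDemo {

    // Hypothetical stand-in for a factory whose static state needs one lock.
    static class BaseFactory {
        static final List<String> shared = new ArrayList<>();

        // Pattern from the report: the monitor depends on the runtime class,
        // so a subclass instance locks its own Class object instead.
        boolean addWithGetClass(String value) {
            synchronized (getClass()) {
                shared.add(value);
                return Thread.holdsLock(BaseFactory.class);
            }
        }

        // Suggested fix: a class literal names the same monitor for every
        // instance, whatever its runtime class.
        boolean addWithClassLiteral(String value) {
            synchronized (BaseFactory.class) {
                shared.add(value);
                return Thread.holdsLock(BaseFactory.class);
            }
        }
    }

    // Hypothetical subclass; it inherits both methods unchanged.
    static class SubFactory extends BaseFactory { }

    public static void main(String[] args) {
        BaseFactory base = new BaseFactory();
        BaseFactory sub = new SubFactory();

        System.out.println("getClass(), base instance, holds BaseFactory.class: "
                + base.addWithGetClass("a"));
        System.out.println("getClass(), sub instance, holds BaseFactory.class: "
                + sub.addWithGetClass("b"));
        System.out.println("class literal, sub instance, holds BaseFactory.class: "
                + sub.addWithClassLiteral("c"));
    }
}
```

Only the subclass call that synchronizes on getClass() modifies the shared list without holding the BaseFactory.class monitor, which is the case that lets a base instance and a subclass instance enter the block at the same time.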
Comment 1 Mark Thomas 2011-01-07 05:32:45 UTC
Fixed in 7.0.x and will be included in 7.0.6

The issue was already reported by FindBugs. I fixed this issue and the handful of other FindBugs and Eclipse warnings in that class.