The boolean flag "org.apache.catalina.tribes.transport.bio.util.FastQueue.enabled" may be read/written by multiple threads concurrently (See <http://svn.apache.org/repos/asf/!svn/bc/1203897/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java>). Therefore, accesses to it should be properly synchronized. It is sufficient to make this boolean flag volatile to protect access to it.

See <https://www.securecoding.cert.org/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+primitive+variables> for more information about this bug pattern.

Keshmesh (https://keshmesh.cs.illinois.edu/) is an Eclipse plugin that analyzes the source code of Java programs for common concurrency bug patterns. We used Keshmesh to detect this concurrency bug pattern.
(In reply to comment #0)
> The boolean flag
> "org.apache.catalina.tribes.transport.bio.util.FastQueue.enabled" may be
> read/written by multiple threads concurrently (See
> <http://svn.apache.org/repos/asf/!svn/bc/1203897/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java>).
> Therefore, accesses to it should be properly synchronized. It is sufficient to
> make this boolean flag volatile to protect access to it.
>
> See
> <https://www.securecoding.cert.org/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+primitive+variables>
> for more information about this bug pattern.
>
> Keshmesh (https://keshmesh.cs.illinois.edu/) is an Eclipse plugin that
> analyzes the source code of Java programs for common concurrency bug patterns.
> We used Keshmesh to detect this concurrency bug pattern.

I made a typo in the URL of Keshmesh; the correct URL is <http://keshmesh.cs.illinois.edu/>.
Please note that the underlying problem is similar to Bug 48235. Keshmesh <http://keshmesh.cs.illinois.edu/> detected the unprotected flag "FastQueue.enabled" when we annotated "org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor.run()" as an entry method.
Fixed in trunk and 7.0.x and will be included in 7.0.24 onwards.
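
The bug pattern reported in comment #0, as an added example that is not Tomcat's code or part of the original report: a worker thread polls a shared boolean flag while another thread clears it, once with a plain field and once with a volatile field. All class and method names are hypothetical, and the polling loop is an assumption used to model concurrent reads of the flag; with the plain field the worker may never observe the write, depending on the JVM and JIT.

```java
import java.util.concurrent.TimeUnit;

// Added illustration: all names here are hypothetical, not Tomcat's classes.
public class FlagVisibilityDemo {

    interface Flag { boolean isEnabled(); void setEnabled(boolean e); }

    // "Before": plain field. The Java Memory Model does not guarantee that a
    // write made by one thread ever becomes visible to another thread, and
    // the JIT is allowed to hoist the read out of a hot loop.
    static final class PlainFlag implements Flag {
        private boolean enabled = true;
        public boolean isEnabled() { return enabled; }
        public void setEnabled(boolean e) { enabled = e; }
    }

    // "After": volatile field. Every read sees the most recent write, which
    // is the fix suggested in the report (CERT rule VNA00-J).
    static final class VolatileFlag implements Flag {
        private volatile boolean enabled = true;
        public boolean isEnabled() { return enabled; }
        public void setEnabled(boolean e) { enabled = e; }
    }

    // Returns true if the worker saw the flag change within timeoutMs.
    static boolean workerStops(Flag flag, long timeoutMs) throws InterruptedException {
        Thread worker = new Thread(() -> {
            long spins = 0;
            while (flag.isEnabled()) { spins++; } // assumed polling loop
        });
        worker.setDaemon(true);            // a stuck worker must not keep the JVM alive
        worker.start();
        TimeUnit.MILLISECONDS.sleep(200);  // give the loop time to become hot
        flag.setEnabled(false);            // write from a different thread
        worker.join(timeoutMs);
        return !worker.isAlive();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("volatile flag, worker stopped: "
                + workerStops(new VolatileFlag(), 2000));
        System.out.println("plain flag, worker stopped:    "
                + workerStops(new PlainFlag(), 2000));
    }
}
```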