Potential Thread-Safety Bug in XMLEntityManager
Elliot Barlas
elliot.barlas at elastic.co
Tue Oct 14 22:07:41 UTC 2025
Hello core-libs-dev!
There appears to be a thread-safety bug in
com.sun.org.apache.xerces.internal.impl.XMLEntityManager related to the
introduction of the following field[1] in the following commit[2].
[1] CatalogResolver fDefCR // the default JDK Catalog Resolver
[2]
https://github.com/openjdk/jdk/commit/93bdc2a6db91a95d6ee52ec92080e586c694dad5
Multiple threads executing the following sample code use the same
underlying javax.xml.catalog.CatalogImpl obtained from
JdkXmlConfig.getInstance().getJdkCatalog(). CatalogImpl is not thread safe.
The resolveEntity method mutates the underlying JDK catalog[3].
[3]
https://github.com/openjdk/jdk/blob/master/src/java.xml/share/classes/javax/xml/catalog/CatalogImpl.java#L279
XMLEntityManager entityManager = new XMLEntityManager();
XMLResourceIdentifier resourceIdentifier = new XMLResourceIdentifierImpl(
"http://example.com/dtd/sample.dtd",
"sample.dtd",
"http://example.com/base/",
"http://example.com/base/sample.dtd");
entityManager.resolveEntity(resourceIdentifier);
Prior to the commit above, this code did not access a shared JDK
CatalogImpl.
-Elliot Barlas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20251014/dde96fad/attachment-0001.htm>
More information about the core-libs-dev
mailing list