StackOverflowError - Java 9 Build 181

Sean Mullan sean.mullan at oracle.com
Wed Sep 20 19:45:05 UTC 2017


Tom,

Try adding the following lines to the lib/security/default.policy file 
in your JDK installation:

grant codeBase "jrt:/jdk.javaws" {
     permission java.security.AllPermission;
};

I have a hunch that permissions are not being granted to the jdk.javaws 
module before it needs them. If that fixes the issue (or you don't see 
it for a few days), I'll followup and file a bug.

Thanks,
Sean

On 9/19/17 5:55 PM, Tom Hood wrote:
> No luck so far reproducing this problem.  The two times it happened to 
> me yesterday have both been with Java 9 build 181 and the application 
> has been idle for awhile. I login to our application, execute various 
> features of the application, go to a meeting, return, and then see the 
> java console repeatedly displaying the stack overflow exception.  Maybe 
> meetings are bad for Java 9? :-)  I think there are some background 
> threads in our application that are waking up periodically and doing 
> "stuff".  I don't know what that "stuff" is yet, but that would be my 
> guess at where I will find the code that triggered the overflow.
> 
> Assuming I can get our application to the point where I can reproduce 
> the stack overflow, are there particular Java 9 builds that made 
> significant changes to security-relevant code that you'd like me to try?
> 
> Keep in mind that our app runs on a network not connected to the 
> internet.  As it is, I manually typed in the stack trace, so if there's 
> a lot of output I'll have to print it and go through an approval process 
> to show it to you via a scanned pdf.  I will continue testing of our app 
> with the security debug turned on so that I'll have the output if it 
> happens again.  I also have the logging and tracing enabled in the java 
> control panel.
> 
> -- Tom
> 
> 
> On Tue, Sep 19, 2017 at 12:13 PM, Sean Mullan <sean.mullan at oracle.com 
> <mailto:sean.mullan at oracle.com>> wrote:
> 
>     Cross-posting to security-dev as this is more relevant to that list
>     and bcc-ing core-libs-dev.
> 
>     I think this might be an issue with the JavaWebStart SecurityManager
>     not being granted the proper permissions. It is possible that the
>     deployment policy files are not being loaded or there is some other
>     subtle bootstrapping issue. It should not result in a recursive loop
>     of course, but there may be a workaround.
> 
>     In the meantime, can you send me more information, preferably a test
>     case and a log file with -Djava.security.debug=all enabled? (The
>     latter will help analyze the recursion and see what security checks
>     are failing and for which ProtectionDomains). Also, have you tested
>     this on builds earlier than b181?
> 
>     Thanks,
>     Sean
> 
>     On 9/19/17 2:53 PM, Tom Hood wrote:
> 
>         I should add that we have not modified or overridden any policy
>         files.
>         Also, we are not using a custom security manager.
> 
>         On Tue, Sep 19, 2017 at 11:52 AM, Tom Hood <tom.w.hood at gmail.com
>         <mailto:tom.w.hood at gmail.com>> wrote:
> 
>             Hi,
> 
>             I hit an infinite recursion loop probably related to
>             PolicyFile that
>             exists in Java 9 build 181 for windows 64-bit.  It might be
>             related to
>             JDK-8077418
>             <https://bugs.openjdk.java.net/browse/JDK-8077418
>             <https://bugs.openjdk.java.net/browse/JDK-8077418>>
> 
> 
>             I haven't tracked down what is causing our webstart app to
>             hit this
>             problem yet, but I thought I would let you know sooner than
>             later.  Also,
>             it probably is not a problem for our particular application
>             as I should be
>             able to set the security manager to null which I think/hope
>             will bypass
>             this issue.  I will try today to reproduce it in our app so
>             I can confirm
>             if setting security manager to null will work for us.
> 
>             The stack looks like the following: (with many repeat stacks
>             omitted)
> 
>             Exception in thread "AWT-EventQueue-2"
>             java.lang.StackOverflowError
>             at
>             java.base/java.security.AccessController.doPrivileged(Native
>             Method)
>             at java.base/sun.security.provider.PolicyFile.getPermissions(Po
>             licyFile.java:1135)
>             at java.base/sun.security.provider.PolicyFile.getPermissions(Po
>             licyFile.java:1082)
>             at java.base/sun.security.provider.PolicyFile.implies(PolicyFil
>             e.java:1038)
>             at java.base/java.security.provider.ProtectionDomain.implies(Pr
>             otectionDomain.java:323)
>             at java.base/java.security.provider.ProtectionDomain.impliesWit
>             hAltFilePerm(ProtectionDomain.java:355)
>             at java.base/java.security.provider.AccessControlContext.checkP
>             ermission(AccessControlContext.java:450)
>             at java.base/java.security.provider.AccessController.checkPermi
>             ssion(AccessController.java:895)
>             at java.base/java.lang.SecurityManager.checkPermission(Security
>             Manager.java:558)
>             at jdk.javaws/com.sun.javaws.security.JavaWebStartSecurity.chec
>             kPermission(JavaWebStartSecurity.java:237)
>             at
>             java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:897)
>             at java.base/java.io.File.isDirectory(File.java:845)
>             at
>             java.base/sun.net.www.ParseUtil.fileToEncodedURL(ParseUtil.java:299)
>             at java.base/sun.security.provider.PolicyFile.canonicalizeCodeb
>             ase(PolicyFile.java:1665)
>             at java.base/sun.security.provider.PolicyFile.access$700(Policy
>             File.java:263)
>             at
>             java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1139)
>             at
>             java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1136)
>             **** and again ****
>             at
>             java.base/java.security.AccessController.doPrivileged(Native
>             Method)
>             at java.base/sun.security.provider.PolicyFile.getPermissions(Po
>             licyFile.java:1135)
>             at java.base/sun.security.provider.PolicyFile.getPermissions(Po
>             licyFile.java:1082)
>             at java.base/sun.security.provider.PolicyFile.implies(PolicyFil
>             e.java:1038)
>             at java.base/java.security.provider.ProtectionDomain.implies(Pr
>             otectionDomain.java:323)
>             at java.base/java.security.provider.ProtectionDomain.impliesWit
>             hAltFilePerm(ProtectionDomain.java:355)
>             at java.base/java.security.provider.AccessControlContext.checkP
>             ermission(AccessControlContext.java:450)
>             at java.base/java.security.provider.AccessController.checkPermi
>             ssion(AccessController.java:895)
>             at java.base/java.lang.SecurityManager.checkPermission(Security
>             Manager.java:558)
>             at jdk.javaws/com.sun.javaws.security.JavaWebStartSecurity.chec
>             kPermission(JavaWebStartSecurity.java:237)
>             at
>             java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:897)
>             at java.base/java.io.File.isDirectory(File.java:845)
>             at
>             java.base/sun.net.www.ParseUtil.fileToEncodedURL(ParseUtil.java:299)
>             at java.base/sun.security.provider.PolicyFile.canonicalizeCodeb
>             ase(PolicyFile.java:1665)
>             at java.base/sun.security.provider.PolicyFile.access$700(Policy
>             File.java:263)
>             at
>             java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1139)
>             at
>             java.base/sun.security.provider.PolicyFile$7.run(PolicyFile.java:1136)
>             **** above lines start the stack that repeats until overflow
>             ****
>             at
>             java.base/java.security.AccessController.doPrivileged(Native
>             Method)
>             at java.base/sun.security.provider.PolicyFile.getPermissions(Po
>             licyFile.java:1135)
>             at java.base/sun.security.provider.PolicyFile.getPermissions(Po
>             licyFile.java:1082)
>             at java.base/sun.security.provider.PolicyFile.implies(PolicyFil
>             e.java:1038)
> 
>             -- Tom
> 
> 
> 


More information about the security-dev mailing list