RFR 8194251: Deadlock between UsageTracker and System.getProperty() when using a malformed security policy
Adam Petcher
adam.petcher at oracle.com
Mon Feb 5 19:26:31 UTC 2018
Please review the following change:
JBS: https://bugs.openjdk.java.net/browse/JDK-8194251
Webrev: http://cr.openjdk.java.net/~apetcher/8194251/webrev.00/
We ran into a problem related to loading locale data when a security
policy file is malformed. The parse error is localized and printed,
which requires the locale data to be loaded, which triggers a security
policy check, which results in deadlock or infinite recursion.
This change removes localization from all messages during policy file
parsing and loading. I believe that this behavior is acceptable
according to our localization requirements. I removed the code that
tried to determine whether localization would succeed, because making it
work reliably would be difficult. Now the client of LocalizedMessage
will need to explicitly state whether the message should be localized or
not.
More information about the security-dev
mailing list