RFR 8194251: Deadlock between UsageTracker and System.getProperty() when using a malformed security policy

Adam Petcher adam.petcher at oracle.com
Mon Feb 5 19:26:31 UTC 2018


Please review the following change:

JBS: https://bugs.openjdk.java.net/browse/JDK-8194251
Webrev: http://cr.openjdk.java.net/~apetcher/8194251/webrev.00/

We ran into a problem related to loading locale data when a security 
policy file is malformed. The parse error is localized and printed, 
which requires the locale data to be loaded, which triggers a security 
policy check, which results in deadlock or infinite recursion.

This change removes localization from all messages during policy file 
parsing and loading. I believe that this behavior is acceptable 
according to our localization requirements. I removed the code that 
tried to determine whether localization would succeed, because making it 
work reliably would be difficult. Now the client of LocalizedMessage 
will need to explicitly state whether the message should be localized or 
not.




More information about the security-dev mailing list