RFR 8194251: Deadlock between UsageTracker and System.getProperty() when using a malformed security policy

Sean Mullan sean.mullan at oracle.com
Tue Feb 6 20:46:02 UTC 2018


Looks good.

--Sean

On 2/5/18 2:26 PM, Adam Petcher wrote:
> Please review the following change:
> 
> JBS: https://bugs.openjdk.java.net/browse/JDK-8194251
> Webrev: http://cr.openjdk.java.net/~apetcher/8194251/webrev.00/
> 
> We ran into a problem related to loading locale data when a security 
> policy file is malformed. The parse error is localized and printed, 
> which requires the locale data to be loaded, which triggers a security 
> policy check, which results in deadlock or infinite recursion.
> 
> This change removes localization from all messages during policy file 
> parsing and loading. I believe that this behavior is acceptable 
> according to our localization requirements. I removed the code that 
> tried to determine whether localization would succeed, because making it 
> work reliably would be difficult. Now the client of LocalizedMessage 
> will need to explicitly state whether the message should be localized or 
> not.
> 


More information about the security-dev mailing list