RFR 8194251: Deadlock between UsageTracker and System.getProperty() when using a malformed security policy
Sean Mullan
sean.mullan at oracle.com
Tue Feb 6 20:46:02 UTC 2018
Looks good.
--Sean
On 2/5/18 2:26 PM, Adam Petcher wrote:
> Please review the following change:
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8194251
> Webrev: http://cr.openjdk.java.net/~apetcher/8194251/webrev.00/
>
> We ran into a problem related to loading locale data when a security
> policy file is malformed. The parse error is localized and printed,
> which requires the locale data to be loaded, which triggers a security
> policy check, which results in deadlock or infinite recursion.
>
> This change removes localization from all messages during policy file
> parsing and loading. I believe that this behavior is acceptable
> according to our localization requirements. I removed the code that
> tried to determine whether localization would succeed, because making it
> work reliably would be difficult. Now the client of LocalizedMessage
> will need to explicitly state whether the message should be localized or
> not.
>
More information about the security-dev
mailing list