RFR: 8329013: StackOverflowError when starting Apache Tomcat with signed jar
Jaikiran Pai
jpai at openjdk.org
Tue Apr 2 15:26:01 UTC 2024
On Tue, 2 Apr 2024 15:01:15 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> I guess the question is what sort of Logger and LoggerFinder would you return in cases where recursion is detected ? Extra issues might arise from the System.getLogger method being public and widely used. Additional issues might stem from the fact that Logger libraries can be plugged in and returned Logger might be stored as a static variable etc.
Agreed - a lot of questions will need to be answered before attempting any change in that code. I don't have answers to any of those though :)
Given that `System.getLogger()` is public API and from the looks of it, any application code can trigger this issue without a JDK internal class involvement (I'm guessing if you modify the test in this PR to replace the call to `EventHelper.isLoggingSecurity();` with `var foo = System.getLogger("bar");` the StackOverFlowError issue will reproduce?), I think the real issue will continue to exist after this change.
Having said that, I didn't mean to stop you from doing this change in `EventHelper`. My question was merely an observation. Your change in the current form looks OK to me.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18534#issuecomment-2032348980
More information about the security-dev
mailing list