Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 3.3.0
Affects Version/s: 3.0.1
Component/s: Capabilities
Labels:
- lhf
- thread-safety

Story Points:
1
Sprint:
Sprint 91

Description

The DefaultCapabilityRegistry uses a simple HashMap for its references field, a lock is used to protect that data structure from concurrent access. The getAll() method however hands out a direct reference to that very map (its value set actually but that's irrelevant here), exposing it to access that is not guarded by the lock, e.g. an iteration by get() or other callers which can then encounter exceptions like below.

https://github.com/sonatype/nexus-internal/blob/3ce6cd48c49603b70f3dc1e41efe53122e9ea033/components/nexus-core/src/main/java/org/sonatype/nexus/internal/capability/DefaultCapabilityRegistry.java#L362

2016-08-09 20:49:45,756+0200 ERROR [pool-38-thread-8] admin org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: capability_Capability.read, java-method: org.sonatype.nexus.coreui.capability.CapabilityComponent.read
java.util.ConcurrentModificationException: null
        at java.util.HashMap$HashIterator.nextNode(HashMap.java:1429) [na:1.8.0_74]
        at java.util.HashMap$ValueIterator.next(HashMap.java:1458) [na:1.8.0_74]
        at com.google.common.collect.Iterators$7.computeNext(Iterators.java:651) [com.google.guava:18.0.0]
        at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) [com.google.guava:18.0.0]
        at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) [com.google.guava:18.0.0]
        at java.util.Collections$UnmodifiableCollection$1.hasNext(Collections.java:1041) [na:1.8.0_74]
        at org.codehaus.groovy.runtime.DefaultGroovyMethods.collect(DefaultGroovyMethods.java:3169) [na:na]
        at org.codehaus.groovy.runtime.DefaultGroovyMethods.collect(DefaultGroovyMethods.java:3140) [na:na]
        at org.codehaus.groovy.runtime.dgm$66.invoke(Unknown Source) [na:na]
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:274) [na:na]
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56) [na:na]
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125) [na:na]
        at org.sonatype.nexus.coreui.capability.CapabilityComponent.read(CapabilityComponent.groovy:78) [na:na]

Attachments

Activity

People

Assignee:: Joseph Stephens

Reporter:: Benjamin Bentmann

Last Updated By:: Peter Lynch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/09/16 07:08 PM

Updated:: 04/10/17 11:29 PM

Resolved:: 03/24/17 03:30 PM

Date of First Response:: 24/Mar/17 3:30 PM

DefaultCapabilityRegistry is not thread-safe