-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 1.4.0
-
Component/s: security-libs
-
beta2
-
sparc
-
solaris_2.6
In javax.net.SocketFactory.getDefault():
//
// optimize typical case: no synch needed
//
if (theFactory == null) {
synchronized (SocketFactory.class) {
theFactory = new DefaultSocketFactory();
}
}
There is similar code in javax.net.ServerSocketFactory:
//
// optimize typical case: no synch needed
//
if (theFactory == null) {
synchronized (ServerSocketFactory.class) {
theFactory = new DefaultServerSocketFactory();
}
}
The optimizations are problemmatic because theFactory is checked outside
of the synchronization block. This could lead to a situation where
theFactory is set but the constructor (DefaultSocketFactory/DefaultServerSocketFactory) not completed, thus
leading to a bad address error. The fix is to lock before doing the check
(i.e. remove the optimization).
//
// optimize typical case: no synch needed
//
if (theFactory == null) {
synchronized (SocketFactory.class) {
theFactory = new DefaultSocketFactory();
}
}
There is similar code in javax.net.ServerSocketFactory:
//
// optimize typical case: no synch needed
//
if (theFactory == null) {
synchronized (ServerSocketFactory.class) {
theFactory = new DefaultServerSocketFactory();
}
}
The optimizations are problemmatic because theFactory is checked outside
of the synchronization block. This could lead to a situation where
theFactory is set but the constructor (DefaultSocketFactory/DefaultServerSocketFactory) not completed, thus
leading to a bad address error. The fix is to lock before doing the check
(i.e. remove the optimization).