Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8036630

Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array

XMLWordPrintable

    • b08

        Hotspot creates a "null" ProtectionDomain object (basically a PD with a null CodeSource and no permissions) when we do the isAuthorized check. An NPE is thrown if code subsequently calls getPrincipals() on that PD, because hotspot is initializing the principals field to null instead of initializing it with an empty array, like the two public ProtectionDomain constructors do. Right now I can only find a code path affecting debug code, so it is not a critical bug. Attached is a test case, compile and run as:

        java -Djava.security.debug=all Test

        You will see the NPE and stack towards the end of the debug log:

        Exception in thread "main" java.lang.NullPointerException
        at java.security.ProtectionDomain.getPrincipals(ProtectionDomain.java:222)
        at sun.security.provider.PolicyFile.printPD(PolicyFile.java:1774)
        at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1178)
        at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1132)
        at java.security.ProtectionDomain$2.run(ProtectionDomain.java:367)
        at java.security.ProtectionDomain$2.run(ProtectionDomain.java:364)

              coleenp Coleen Phillimore
              mullan Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: