Potentially concurrent and memory leak #25997
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
We don't usually consider race conditions and internal memory leaks as security-sensitive, so feel free to raise them here directly. Of course, if you have can reproduce an externally induced memory leak leading to a potential DoS attack, it's better off as a security report. However, your report above rather sounds like feedback on an implementation pattern based on a code review... |
|
If by any chance you mean non-synchronized get/put operations against a |
|
Hi Juergen, Thanks for verbose explanation. That kind of issues are difficult to reproduce and code review is probably one of the best way to find it. So, You right my feedback based on a code review. As discussed it should be possible to get rid of double lock in similar place to Could you change status of ticket to Kindly regards, |
rstoyanchev
added
the
in: core
|
I think this should have been closed with #30780. |
bclozel
added
status: superseded
Affects:
all up to 5.3.1-SNAPSHOT
I found some suspicious pattern of the Java code which can lead to concurrent race condition and memory leak. I confirm problematic software pattern in other software, outside of Spring. In Spring-Framework source code I found the same concurrent pattern in places e.g. CacheAspectSupport, AbstractAdvisingBeanPostProcessor, AdvisedSupport, AsyncExecutionInterceptor etc.
Also in other place of Spring-Framework source code it's correctly implemented.
Also I'd like to mention that I'm application developer not framework developer and I don't know internal Spring implementation. I known sounds unlikely. I hope I'm wrong.
I will provide more details via e-mail security@pivotal.io
Kindly regards
The text was updated successfully, but these errors were encountered: