Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACL : AclImpl.hashCode leads to StackOverflowError #5401

Closed
gpoissonnier opened this issue May 31, 2018 · 2 comments
Closed

ACL : AclImpl.hashCode leads to StackOverflowError #5401

gpoissonnier opened this issue May 31, 2018 · 2 comments
Assignees
@rwinch
Labels
in: acl An issue in spring-security-acl status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
5.4.0-M2

Comments

@gpoissonnier
Copy link

Summary

When calling method AclImpl.hashCode, a java.lang.StackOverflowError is throw

Actual Behavior

A cross-reference exists between AccessControlEntryImpl.hashCode and AclImpl.hasCode. This cross-reference leads to an infinite recursive loop and then to a stack overflow.

AclImpl.hasCode uses hash code of field "aces". "aces" field type is List. And AccessControlEntryImpl.hashCode uses hash code of field "acl". "acl" field type is Acl. The cross-reference is between this 2 fields : AclImpl.aces and AccessControlEntryImpl.acl. "acl" field reference always his Acl object (see AclImpl.insertAce).

Expected Behavior

No cross-reference on AclImpl.hashCode call.

Configuration

Version

spring-security-acl:5.0.1

Sample

java.lang.StackOverflowError: null
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]

...
@Maxvgrad Maxvgrad mentioned this issue Apr 27, 2019
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 7, 2019
neeleshs added a commit to neeleshs/spring-security-acl-mongodb that referenced this issue May 24, 2019
@neeleshs
Upgrade to Spring 5.1.5 and fix test case failure due to
0b57e8b 
spring-projects/spring-security#5401
@udayrajluhar
Copy link

@spring-issuemaster @gpoissonnier @leon @michaelpigg @mengelbrecht Hi All, what is the plan for #5401 to be merged and available for use.

@rwinch rwinch closed this as completed in 4f58576 May 21, 2020
@rwinch rwinch added in: acl An issue in spring-security-acl type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels May 21, 2020
@rwinch rwinch self-assigned this May 21, 2020
@rwinch rwinch added this to the 5.4.0-M2 milestone May 21, 2020
rwinch pushed a commit that referenced this issue May 21, 2020
@Maxvgrad @rwinch
Prevent StackOverflowError for AccessControlEntryImpl.hashCode
892f2f8 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label May 21, 2020
Closed
rwinch pushed a commit that referenced this issue May 21, 2020
@Maxvgrad @rwinch
Prevent StackOverflowError for AccessControlEntryImpl.hashCode
279ddbe 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
Closed
rwinch pushed a commit that referenced this issue May 21, 2020
@Maxvgrad @rwinch
Prevent StackOverflowError for AccessControlEntryImpl.hashCode
8bb4e72 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
Closed
rwinch pushed a commit that referenced this issue May 21, 2020
@Maxvgrad @rwinch
Prevent StackOverflowError for AccessControlEntryImpl.hashCode
a39efaf 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
Closed
@rwinch
Copy link
Member

rwinch commented May 21, 2020

Thanks for the ping @udayrajluhar This is now merged into master and backported through 5.0.x See the list of issues above for details

@vincemann vincemann mentioned this issue May 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: acl An issue in spring-security-acl status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
5.4.0-M2
Development

Successfully merging a pull request may close this issue.

Prevent StackOverflowError for AccessControlEntryImpl.hashCode
4 participants
@rwinch @udayrajluhar @spring-projects-issues @gpoissonnier