git2abhi / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

Incorrect lazy initialization of static field instance #315

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I have V2.1 from sources.

The DefaultValidator.java class bad synchronization (double locking 
anti-pattern) and uses a class lock instead of a more efficient local lock.

The corrected code follows:

private static final Object lock = new Object();

    public static Validator getInstance() {

        synchronized ( lock ) {

            if ( instance == null ) {

                instance = new DefaultValidator();

            }

        }

        return instance;

    }

Original issue reported on code.google.com by eamonn.w...@gmail.com on 26 Nov 2013 at 7:52

GoogleCodeExporter commented 8 years ago
Look again. 'instance' is declared volatile:
    private static volatile Validator instance = null;
The double-check pattern work fine when the 'volatile' modifier is specified, 
as long as you are using JDK 1.5 or later. (JDK 1.5 introduced a new memory 
model that made this work.)

No fix is necessary. Closing.

Original comment by kevin.w.wall@gmail.com on 23 Jan 2014 at 6:55