lightblue-platform / lightblue-rest

Data access layer as service REST API
GNU General Public License v3.0

CID 157637: Data race undermines locking (LOCK_EVASION) #274

Open jewzaam opened 7 years ago

jewzaam commented 7 years ago
** CID 157637:  Data race undermines locking  (LOCK_EVASION)
/lightblue-rest/auth/src/main/java/com/redhat/lightblue/rest/auth/jboss/CertLdapLoginModule.java: 138 in com.redhat.lightblue.rest.auth.jboss.CertLdapLoginModule.initialize()()

________________________________________________________________________________________________________
*** CID 157637:  Data race undermines locking  (LOCK_EVASION)
/lightblue-rest/auth/src/main/java/com/redhat/lightblue/rest/auth/jboss/CertLdapLoginModule.java: 138 in com.redhat.lightblue.rest.auth.jboss.CertLdapLoginModule.initialize()()
132
133             int rolesCacheExpiry = 5*60*1000; // default 5 minutes
134             if (options.containsKey(ROLES_CACHE_EXPIRY_MS)) {
135                 rolesCacheExpiry = Integer.parseInt((String)options.get(ROLES_CACHE_EXPIRY_MS));
136             }
137
>>>     CID 157637:  Data race undermines locking  (LOCK_EVASION)
>>>     Thread2 checks "lbLdap", reading it after Thread1 assigns to "lbLdap" but before some of the correlated field assignments can occur. It sees the condition "com.redhat.lightblue.rest.auth.jboss.CertLdapLoginModule.lbLdap == null" as being false. It continues on before the critical section has completed, and can read data changed by that critical section while it is in an inconsistent state.
138             if (lbLdap == null) {
139                 synchronized(LdapRolesProvider.class) {
140                     if (lbLdap == null) {
141                         lbLdap = new CachedRolesProvider(new LdapRolesProvider(searchBase, ldapConf), new RolesCache(rolesCacheExpiry));
142                     }
143                 }
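
An added example, not part of the original issue or the lightblue-rest code: one way to make the double-checked initialization flagged above safe under the Java memory model. It assumes `lbLdap` is a static field that is not declared `volatile` (the declaration is not shown in the report); `SafeLazyInit`, `RolesProvider` and `INIT_LOCK` are hypothetical stand-ins for the project's classes.

```java
import java.util.Set;
import java.util.concurrent.*;

public class SafeLazyInit {
    // Hypothetical stand-in for CachedRolesProvider(LdapRolesProvider, RolesCache).
    static final class RolesProvider {
        private final String searchBase;   // final fields are safely published
        private final int cacheExpiryMs;
        RolesProvider(String sb, int ms) { searchBase = sb; cacheExpiryMs = ms; }
        boolean isComplete() { return searchBase != null && cacheExpiryMs > 0; }
    }

    // volatile: the write inside the critical section happens-before any later
    // read, so a thread that sees non-null also sees the fully built object.
    private static volatile RolesProvider lbLdap;
    // Private lock object, so no unrelated code can contend on a shared Class lock.
    private static final Object INIT_LOCK = new Object();

    static RolesProvider initialize(String searchBase, int cacheExpiryMs) {
        RolesProvider local = lbLdap;          // one volatile read on the fast path
        if (local == null) {
            synchronized (INIT_LOCK) {
                local = lbLdap;                // re-check under the lock
                if (local == null) {
                    // Build everything first, then publish with a single write, last.
                    local = new RolesProvider(searchBase, cacheExpiryMs);
                    lbLdap = local;
                }
            }
        }
        return local;
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        Set<RolesProvider> seen = ConcurrentHashMap.newKeySet();
        CountDownLatch start = new CountDownLatch(1);
        for (int i = 0; i < 8; i++) {
            pool.submit(() -> {                // Callable, so await() may throw
                start.await();                 // release all threads together
                seen.add(initialize("ou=example", 5 * 60 * 1000)); // constructed input
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        boolean ok = seen.size() == 1 && seen.iterator().next().isComplete();
        System.out.println(ok ? "one fully built instance" : "race detected");
    }
}
```

If more state than the single reference has to be set up, it belongs inside the object being constructed or must be assigned before the volatile write; anything assigned after it can be observed half-initialized by a thread that skipped the lock, which is the condition the report describes.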