Skip to content

ACL : AclImpl.hashCode leads to StackOverflowError #5401

New issue
New issue
Closed
Closed
ACL : AclImpl.hashCode leads to StackOverflowError#5401
Assignees
rwinch
Labels
in: aclAn issue in spring-security-aclstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
Milestone
5.4.0-M2
@gpoissonnier

Description

@gpoissonnier
gpoissonnier
opened on May 31, 2018

Summary

When calling method AclImpl.hashCode, a java.lang.StackOverflowError is throw

Actual Behavior

A cross-reference exists between AccessControlEntryImpl.hashCode and AclImpl.hasCode. This cross-reference leads to an infinite recursive loop and then to a stack overflow.

AclImpl.hasCode uses hash code of field "aces". "aces" field type is List. And AccessControlEntryImpl.hashCode uses hash code of field "acl". "acl" field type is Acl. The cross-reference is between this 2 fields : AclImpl.aces and AccessControlEntryImpl.acl. "acl" field reference always his Acl object (see AclImpl.insertAce).

Expected Behavior

No cross-reference on AclImpl.hashCode call.

Configuration

Version

spring-security-acl:5.0.1

Sample

java.lang.StackOverflowError: null
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]
at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]

...

Metadata

Metadata

Assignees

Labels

in: aclAn issue in spring-security-aclstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions