Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 355400

Summary: org.eclipse.equinox.internal.security.storage.Base64 is not threadsafe
Product: [Eclipse Project] Equinox Reporter: Thomas Watson <tjwatson>
Component: SecurityAssignee: Thomas Watson <tjwatson>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: P3 CC: john.arthorne, matt_lavin, ob1.eclipse, remy.suen, tjwatson
Version: 3.7   
Target Milestone: 3.7.1   
Hardware: PC   
OS: All   
Whiteboard:
Bug Depends on: 354299    
Bug Blocks:    

Description Thomas Watson CLA 2011-08-22 11:01:25 EDT 
Cloning bug for inclusion in 3.7.1.

+++ This bug was initially created as a clone of Bug #354299 +++

Build Identifier: 

If more than one thread calls Base64.decode at the same time, the wrong value can be returned to the user.  It's possible that this is problem might be the cause for some defects related to our product:

https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/171495
https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/167948


Reproducible: Sometimes

Steps to Reproduce:
The problem can be reproduced by looking at the code.  Imagine two threads calling Base64.decode() at the same time.

Both threads execute until the call to init(), but because init() is synchronized only one will enter.  Now, one thread is executing in init() and the other is waiting to enter the synchronized method.

After the first thread finishes with init() it proceeds through the rest of the method calling decode() at various places.  If the second thread starts executing init() while decode() is executing in the first thread, then two threads will be accessing a shared field without synchronization.  That can lead to corruption in the decoding of the string because the field used in the decode method might not be initialized while it's used.