Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 329942 - Lazy Instantiation of InheritancePolicy is Dangerous
Summary: Lazy Instantiation of InheritancePolicy is Dangerous
Status: NEW
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: Eclipselink (show other bugs)
Version: unspecified   Edit
Hardware: Macintosh Mac OS X - Carbon (unsup.)
: P2 normal with 6 votes (vote)
Target Milestone: ---   Edit
Assignee: Nobody - feel free to take it CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-11-10 14:42 EST by Missing name CLA
Modified: 2022-06-09 10:33 EDT (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Missing name CLA 2010-11-10 14:42:10 EST
Build Identifier: 2.1.1

ClassDescriptor.getInheritancePolicy() lazily instantiates inheritancePolicy without checking whether such a policy should in fact be created.  Ordinarily this is fine, but in extraordinary circumstances it can ruin the whole persistence context.  We're using Spring-Flex to tie a Flex frontend to an EclipseLink persistance graph.  If a org.eclipse.persistence.exceptions.DatabaseException is thrown and not caught, Spring-Flex will attempt to serialize it and return it to the client.  As part of the AMF serialization process, all the exception's properties are introspected, including inheritancePolicy, which causes a fake InheritancePolicy to be created.  Subsequent uses of the persistence graph result in a null pointer in AbstractRecord.get() because the broken InheritancePolicy has a null classIndicatorField.

Reproducible: Always

Steps to Reproduce:
1. Create a "Hello world" project using Spring-Flex and Eclipselink
2. Create a broken finder query, e.g. 'SELECT o FROM Foo o WHERE o.bar in ?' without setting the ? param
3. Invoke the finder... you'll get a DatabaseException
4. Try to invoke findByPrimaryKey or really any persistence operation.  They'll all fail on an NPE.
Comment 1 Tom Ware CLA 2010-11-18 08:25:37 EST
Setting target and priority.  See the following page for the meanings of these fields:

http://wiki.eclipse.org/EclipseLink/Development/Bugs/Guidelines
Comment 2 Michael Nielson CLA 2011-06-01 10:43:32 EDT
Would it make sense to refactor getInheritancePolicy to acquireInheritancePolicy or similar? In general I haven't heard of problems with mis-use of calling getInheritancePolicy without first calling hasInheritancePolicy but I've seen quite a few people caught up by serialization issues. BlazeDS seems to be a major culprit, but I think the best fix here is to removed side affects from the getter?

If needed I can supply a patch to rename these methods.
Comment 3 Tom Ware CLA 2011-06-01 11:17:45 EDT
How do these libraries decide which properties to get (what does AMF serialization do)?  Do they look for every method that starts with "get"? Does this mean to work with these frameworks, we shouldn't do lazy initialization at all.  I wonder if you'll see issues with other methods as well. (e.g. getInterfacePolicy())

We will have backwards compatibility issues with simply renaming this method. We would have to look into doing something like checking to see if the descriptor is already initialized and not initializing in that case.
Comment 4 Michael Nielson CLA 2011-06-01 12:28:22 EDT
BlazeDS uses the standard JavaBean interface for determining properties, anything with both a getter and a setter is serialized. I'd assume this is true of a lot of serialization frameworks. 

I'm not sure if lazy instantiation is entirely at fault but in this case all of eclipselink breaks because the value should not be instantiated at all. A preemptive check to see if the value should be initialized at all would also solve this.
Comment 5 John CLA 2011-08-18 14:13:55 EDT
Is this bug being actively worked?  Calling a simple getter method shouldn't be able to bring down a JPA container.
Comment 6 Tom Ware CLA 2011-08-18 14:58:58 EDT
Please vote for this bug if you consider it important.  Votes are a key determining factor when we decide which community-found bugs to work on.
Comment 7 Eclipse Webmaster CLA 2022-06-09 10:33:29 EDT
The Eclipselink project has moved to Github: https://github.com/eclipse-ee4j/eclipselink