Review LifeCycle of Parts in Jetty 12 #9336
Assignees
Labels
Bug
For general bugs on Jetty side
Comments
lachlan-roberts
added a commit
that referenced
this issue
Feb 15, 2023
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts
added a commit
that referenced
this issue
Feb 15, 2023
Issue #9336 - remember ContentSources to fail from ChunksPart
gregpoulos
pushed a commit
to gregpoulos/jetty.project
that referenced
this issue
Feb 16, 2023
… into jetty-12.0.x-old-docs-remove-logging-sections * 'jetty-12.0.x' of https://github.com/eclipse/jetty.project: Rename process to handle (jetty#9385) Bump maven-deploy-plugin from 3.0.0 to 3.1.0 Bump asciidoctorj-diagram from 2.2.3 to 2.2.4 Bump jakarta.servlet.jsp-api from 3.0.0 to 3.1.1 Bump maven-invoker-plugin from 3.4.0 to 3.5.0 Bump maven.surefire.plugin.version from 3.0.0-M8 to 3.0.0-M9 Bump maven-javadoc-plugin from 3.4.1 to 3.5.0 Bump tycho-p2-repository-plugin from 3.0.1 to 3.0.2 Bump maven.version from 3.8.7 to 3.9.0 Remove jetty-ant (jetty#9382) Added inceptionDates.csv Issue jetty#9336 - remember ContentSources to fail from ChunksPart
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The new
ChunksPartin Jetty 12 has a list of chunks whose buffer are released back into the pool when thePartis closed. If the part is used after it is closed it will have a content source returned fromnewContentSource()which will be accessing buffers which are back in the pool.Although the part should not be accessed out of scope, we should protect against this as we don't want a bad application to read from buffers which do not belong to them.
For jetty-core we can obtain a chunk from the request and do the same thing. But I think we should at least protect against this in the EE layers.
The text was updated successfully, but these errors were encountered: