-2017-07-17 11:59 GMT+03:00 Matthias Keller <matthias.kel...@ergon.ch>: > Hi > > In our production environment we (sometimes but still often enough) have the > problem, that we get an NPE deep within the Response object. > > This occurs under 8.5.13 and 8.5.16. > > The stacktrace (from 8.5.13) is as follows: > > org.apache.catalina.connector.Response.generateCookieString(Response.java:999) > org.apache.catalina.connector.Response.addCookie(Response.java:947) > org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386) > javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58) > javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58) > javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58) > > The code leading to it is: > > Cookie c = new Cookie(cookieName, ""); > c.setMaxAge(0); > cookie.setPath(contextPath); > response.addCookie(cookie); > > We use the LegacyCookieProcessor via tomcat's context.xml: > > <CookieProcessor > className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> > > It appears that the context object is null in those cases (which I can > confirm using the debugger), but I have no clue as of why this could be > happening? Especially since it doesn't happen every time. > > Any clues or hints? What could I do to debug this problem? > > BTW this doesn't happen on Tomcat 7.0.77 >
'context' field (response -> request -> mappingData -> context) is populated during request mapping and is cleared when the request&response are recycle()'d when request processing is done. It might be that you access response object when request processing has already been completed. If you see the request object in a debugger, can you inspect its fields? Setting the following system property should make such application errors more visible: org.apache.catalina.connector.RECYCLE_FACADES=true (A bug in Tomcat connector code that results in concurrent processing of the same Request/Response object is possible, but unlikely. If it is there, it will be a security issue, see CVE-2017-5651 (fixed in 8.5.13) as an example). http://tomcat.apache.org/security.html Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
