FULL PRODUCT VERSION :
java version "1.6.0-ea"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.6.0-ea-b58)
Java HotSpot(TM) Client VM (build 1.6.0-ea-b58, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows 2000 [Version 5.00.2195]
A DESCRIPTION OF THE PROBLEM :
java.math.BigInteger is supposed to be immutable.
Unfortunately, this is true only for single-threaded applications.
java.math.BigInteger is *not* thread-safe immutable. Given that its main fields are not declared as final, an instance constructed in one thread can be seen differently (not immutable) in another. This is true even if the instance is fully constructed in the first thread before a reference to it is passed to the second thread.
This is discussed in chapter 17 of the Java Language Specification, 3rd ed., which covers the Java memory model.
Because it is claimed that java.math.BigInteger is immutable, it is natural for programmers to use it without concerns about synchronizing access to instances. This can lead to security breaches in cryptographic software when the same instance is accessed from multiple threads that see different values.
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Short-term, for the clients of the API: use synchronization when sharing BigInteger instances between threads.
Long-term, for JDK developers: rewrite BigInteger, making the fields final and ensuring that it is fully thread-safe immutable.
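
The two workarounds above, sketched as an added example that is not part of the original report or of the JDK sources: safe publication of a BigInteger through a volatile field or a lock, and final fields on a value class. The class SafePublication, the class FrozenValue with its field names, and the sample value are assumptions made for illustration.

```java
import java.math.BigInteger;

public class SafePublication {
    // Constructed sample value, not taken from the report.
    static final String SAMPLE = "170141183460469231731687303715884105727";

    // Racy: a plain field creates no happens-before edge (JLS ch. 17), so a
    // reader may see the reference before the object's non-final field writes.
    static BigInteger racy;

    // Short-term workaround A: a volatile write happens-before each later
    // volatile read, which also covers the fields written in the constructor.
    static volatile BigInteger viaVolatile;

    // Short-term workaround B: writer and reader synchronize on one lock.
    private static final Object LOCK = new Object();
    private static BigInteger guarded;
    static void publish(BigInteger v) { synchronized (LOCK) { guarded = v; } }
    static BigInteger read() { synchronized (LOCK) { return guarded; } }

    // Long-term fix, shown on a hypothetical value class: final fields are
    // frozen when the constructor ends (JLS 17.5), so even racy publication
    // of the reference cannot expose default or partial field values.
    static final class FrozenValue {
        private final int sign;
        private final int[] magnitude;
        FrozenValue(int sign, int[] magnitude) {
            this.sign = sign;
            this.magnitude = magnitude.clone(); // defensive copy, never shared
        }
        int sign() { return sign; }
        int[] magnitude() { return magnitude.clone(); }
    }

    public static void main(String[] args) throws InterruptedException {
        BigInteger expected = new BigInteger(SAMPLE);
        Thread reader = new Thread(() -> {
            BigInteger seen;
            while ((seen = viaVolatile) == null) { Thread.onSpinWait(); }
            System.out.println("volatile reader consistent: " + seen.equals(expected));
            System.out.println("locked reader consistent:   " + expected.equals(read()));
        });
        reader.start();
        publish(new BigInteger(SAMPLE));      // lock-guarded write first
        viaVolatile = new BigInteger(SAMPLE); // volatile write releases the reader
        reader.join();
    }
}
```

The racy field is declared only for contrast and is never read, because a data race of this kind cannot be made to fail on demand in a short program.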