JDK-8143222 : StackOverflowError during PolicyFile lookup
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8u66
  • Priority: P3
  • Status: Resolved
  • Resolution: Duplicate
  • OS: windows_7
  • CPU: x86_64
  • Submitted: 2015-11-13
  • Updated: 2016-09-27
  • Resolved: 2015-11-18
Related Reports
Duplicate :  
Relates :  
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b18, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
StackOverflowError during PolicyFile lookup

A DESCRIPTION OF THE PROBLEM :
Running a custom Security Manager works fine until a specific point. Then we get a StackOverflow when reading the policy file. This bug has been fixed for JDK 9 but not been backported to JDK 8:

Former Bug Ticket
JDK-8077418

Our Custom Security Manager catches the exception of of a security violation and only logs it. (like a dryrun)

Please backport the fix to JDK 8. Until then working with a Custom Security Manager is not possible as it can lead to 

REGRESSION.  Last worked in version 9

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
This is an old bug. The fix has not been backported to jdk 8 but fixed in jdk 9:

JDK-8077418

Run java security with a custom security manager (like the one we posted) and let it run some time.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Logging of the missing permission which caused the security exception
ACTUAL -
package de.kvb.common.security.manager;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;

/**
 * Custom SecurityManager for logging access violations instead of throwing Exceptions
 */
public class KvbSecurityManager extends SecurityManager {

    public KvbSecurityManager() {
    }

    @Override
    public void checkPermission(Permission perm) {

        try {
            super.checkPermission(perm);

        } catch(AccessControlException e) {
            System.out.println(perm);
        }

    }
}


ERROR MESSAGES/STACK TRACES THAT OCCUR :
package de.kvb.common.security.manager;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;

/**
 * Custom SecurityManager for logging access violations instead of throwing Exceptions
 */
public class KvbSecurityManager extends SecurityManager {

    public KvbSecurityManager() {
    }

    @Override
    public void checkPermission(Permission perm) {

        try {
            super.checkPermission(perm);

        } catch(AccessControlException e) {
            System.out.println(perm);
        }

    }
}


REPRODUCIBILITY :
This bug can be reproduced often.

---------- BEGIN SOURCE ----------
package de.kvb.common.security.manager;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;

/**
 * Custom SecurityManager for logging access violations instead of throwing Exceptions
 */
public class KvbSecurityManager extends SecurityManager {

    public KvbSecurityManager() {
    }

    @Override
    public void checkPermission(Permission perm) {

        try {
            super.checkPermission(perm);

        } catch(AccessControlException e) {
            System.out.println(perm);
        }

    }
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
No workaround possible


Comments
This is fixed in 8u65 b02 with the following bug : JDK-8129170. Closing this as duplicate.
18-11-2015