getBeanDefinitionNames should not leak the frozenBeanDefinitionNames array [SPR-14897] #19463

Closed
spring-projects-issues opened this issue Nov 10, 2016 · 2 comments

@spring-projects-issues spring-projects-issues commented Nov 10, 2016

Richard Fearn opened SPR-14897 and commented

getBeanDefinitionNames leaks the getBeanDefinitionNames array to callers. It's possible for the caller to modify the array, which affects Spring's internal list of the names of beans in the context.


Affects: 4.3.4

Issue Links:

  • #17012 DefaultListableBeanFactory should allow efficient access to current bean names
  • #19488 DefaultListableBeanFactory.copyConfigurationFrom should provide independent AutowireCandidateResolver instance

@spring-projects-issues spring-projects-issues commented Nov 11, 2016

Juergen Hoeller commented

Good point; we're returning a clone of the array now. To be backported to 4.3.5.

FWIW, in the 4.x line, we have a more efficient getBeanNamesIterator() accessor on ConfigurableListableBeanFactory which is preferably used by Spring Boot already.


@spring-projects-issues spring-projects-issues commented Nov 11, 2016

Richard Fearn commented

> FWIW, in the 4.x line, we have a more efficient getBeanNamesIterator() accessor on ConfigurableListableBeanFactory which is preferably used by Spring Boot already.

Thanks - I see that was added in commit 965bea7, though that didn't go into Spring 4.0, which we are currently using (yes, we really need to upgrade!).

The reason I'm getting the list of bean names is so that I can sort them alphabetically, and dump out a list of them for diagnostic purposes - so getting an iterator vs. an array doesn't make a huge amount of difference. Thanks for the suggestion though!
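
An added illustration, not code from Spring or from anyone in this thread, of the leak the issue describes and the clone fix mentioned in the reply. `NameRegistry`, its methods and the bean names are hypothetical stand-ins for the bean factory and its cached name array.

```java
import java.util.Arrays;

// Hypothetical stand-in for a bean factory; this is not Spring's DefaultListableBeanFactory.
public class NameRegistryDemo {

    static class NameRegistry {
        // Cached snapshot in registration order, analogous to frozenBeanDefinitionNames.
        private final String[] frozenNames;

        NameRegistry(String... names) {
            this.frozenNames = names.clone(); // copy on the way in as well
        }

        // Leaky accessor: hands out the internal array itself.
        String[] getNamesLeaky() {
            return frozenNames;
        }

        // Hardened accessor: each caller receives an independent copy.
        String[] getNames() {
            return frozenNames.clone();
        }

        // Shows the registry's own view of the names, for comparison.
        String internalOrder() {
            return String.join(",", frozenNames);
        }
    }

    public static void main(String[] args) {
        // Constructed sample names.
        NameRegistry registry = new NameRegistry("dataSource", "auditLogger", "cacheManager");

        // Sorting a clone only affects the caller's copy.
        String[] copy = registry.getNames();
        Arrays.sort(copy);
        System.out.println("after sorting a clone:    " + registry.internalOrder());

        // Sorting the leaked array reorders the registry's internal state,
        // and element writes replace entries the registry still relies on.
        String[] leaked = registry.getNamesLeaky();
        Arrays.sort(leaked);
        leaked[0] = "renamedByCaller";
        System.out.println("after touching the leak:  " + registry.internalOrder());
    }
}
```

The clone costs one array allocation per call, which is the overhead the iterator accessor mentioned in the reply avoids.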
