[jira] [Commented] (DBCP-484) Connection leak during XATransaction in high load

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (DBCP-484) Connection leak during XATransaction in high load

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/DBCP-484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16737508#comment-16737508 ]

Mark Thomas commented on DBCP-484:
----------------------------------

I don't think this meets the bar for a CVE.

It can't be reliably triggered by a remote user. The bug appears to be rare enough that a malicious user isn't going to be able to exhaust server resources with this. Also, the abandoned connection clean-up releases the leaked resource.

> Connection leak during XATransaction in high load
> -------------------------------------------------
>
>                 Key: DBCP-484
>                 URL: https://issues.apache.org/jira/browse/DBCP-484
>             Project: Commons DBCP
>          Issue Type: Bug
>    Affects Versions: 2.2.0
>            Reporter: Emanuel Freitas
>            Priority: Major
>             Fix For: 2.4.0
>
>         Attachments: dbcp-test.zip
>
>
> We're experiencing a connection leak in a distributed transaction when the system is under heavy load. We're using commons-dbcp (latest version) + eclipselink and narayana to perform transaction coordination.
> From time to time we can see a stacktrace reporting an abandoned connection. We are trying to figure out what's the root cause and we think that might be some issue in the commons dbcp (not sure) . More specifically, this parte of the code:
> ManagedConnection#updateTransactionStatus
> {code:java}
> if (transactionContext != null) {
>     if (transactionContext.isActive()) {
>         if (transactionContext != transactionRegistry.getActiveTransactionContext()) {
>             throw new SQLException("Connection can not be used while enlisted in another transaction");
>         }
>         return;
>     }
>     // transaction should have been cleared up by TransactionContextListener, but in
>     // rare cases another lister could have registered which uses the connection before
>     // our listener is called.  In that rare case, trigger the transaction complete call now
>     transactionComplete();    
> }{code}
>  
> If the transactionContext is different than null but the state is not "active" (ex: STATUS_ROLLEDBACK, STATUS_ROLLING_BACK, etc) it executes the transactionComplete mothod that clears the reference to a shared connection and after that the connection is never closed (returned to the pool). 
>  
> If we move the transactionComplete(); to an else,(see below), the connection leak does not happen.
> {code:java}
> if (transactionContext != null) {
>     if (transactionContext.isActive()) {
>         if (transactionContext != transactionRegistry.getActiveTransactionContext()) {
>             throw new SQLException("Connection can not be used while enlisted in another transaction");
>         }
>         return;
>     }
> } else {
>     transactionComplete();
> }{code}
>  
> After this the dbcp unit tests still pass but I'm not sure about this changes. Can you please check?
> Thanks
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)