java static list causes memory leak
I have following code which seems to be causing some memory leaks. This code snippet(i.e. hasPermissions()) get executed every time when a user performs an action.
So from what I understood, since Map permissions is a static object, all permissionsList objects that are created inside hasPermission() method have references to global static object(i.e. permissions); therefore, is not eligible to be garbage collected?
Following is the Leak Suspect showing for its heap dump in Eclipse Memory Analyzer tool. When I navigate to details, it shows the class with following code snippet. I found Java List.addAll() function internally creates LinkedList. I'm still trying to comprehend what's exactly happening here. Appreciate your thoughts.
public class AccessManager {
private static Map <Integer, List> permissions;
public static void init()
{
//initiate permissions and add values
}
public static boolean hasPermissions(List<Integer> accessLevels, String action)
{
if (permissions == null)
init();
List permissionsList = null;
for (Integer a : accessLevels) {
if (permissionsList == null) {
permissionsList = permissions.get(a);
} else {
permissionsList.addAll(permissions.get(a));
}
}
if(permissionsList.contains(action)){
return true;
}
return false;
}
}
That code is quite severely broken. In adding new permissions to a List referenced by permissions, the hasPermission method not only creates a memory leak, but may cause subsequent access checks to be incorrectly granted, which might be a quite serious security vulnerability.
For instance, if permissions contains
| Key | Value |
|---|---|
| 1 | [a] |
| 2 | [b] |
and you execute hasPermissions(Arrays.asList(1,2), "b"), permissions will be updated to contain
| Key | Value |
|---|---|
| 1 | [a, b] |
| 2 | [b] |
causing a subsequent call to hasPermissions(Arrays.asList(1), "b") to return true.
Also each further call to hasPermissions(Arrays.asList(1,2), "b") causes b to be added again:
| Key | Value |
|---|---|
| 1 | [a, b, b] |
| 2 | [b] |
causing that list to get longer and longer until memory is exhausted. This extremely long list full of duplicates will slow down access checks such as hasPermissions(Arrays.asList(1), "c") to a crawl.
Oh, and by the way, the lazy initialization that calls init on first invocation of hasPermissions is not thread safe, but potentially accessed by multiple threads. You should either declare permissions volatile (or even synchronize init if init is not safe for use by multiple threads), or invoke init in a static initializer.
- Maven Error | Error: Could not find or load main class org.codehaus.plexus.classworlds.launcher.Launcher
- Adding a item to a list
- Connection error to Kafka broker when publishing a message through java app
- IntelliJ - Can't start - "JAVA_HOME does not point to a valid JVM installation"
- Execution default of goal org.springframework.boot:spring-boot-maven-plugin:1.0.2.RELEASE:repackage failed: Source must refer to an existing file
- Is Qt Jambi dead?
- Anticapte FileChooser closing to abort a the runing task
- How to short-circuit a reduce() operation on a Stream?
- I want to give condition to list.add in the ~impl file generated by mapstruct. What should I do?
- Error: Unable to determine the current character, it is not a string, number, array, or object in react-native for android
- filter list based on dynamic criteria using java streams
- Conditionally modifying collections inline using Java Streams
- Upgrading to Spring Boot 3 causing annotation processing errors
- Guava EventBus: How to return result from event handler
- run project in netbeans does nothing at all
- NoSuchMethodError in org.json.JSONObject after kubernetes upgrade from 1.21 to 1.23
- Reflection generic get field value
- "Stored procedure 'xxx' may be run only in unchained transaction mode." error when calling a procedure from a DataSource, in an EJB context
- Kotlin + Java 9 modules: Module java.base cannot be found in the module graph
- Customizing time zone with TaskScheduler.getClock()
- No endpoint mapping found for [SaajSoapMessage {http://schemas.xmlsoap.org/soap/envelope/}UpdateXXXRequest]
- Clone() vs Copy constructor- which is recommended in java
- Create a shortcut for system.out.println in visual studio code
- Spring Transactional TimeOut
- Initial SessionFactory creation failed - org.hibernate.MappingException: An association from the table X refers to an unmapped class: Y
- "Invalid privatekey" when using JSch
- What is the exact meaning of instantiate in Java
- Plugin with id 'maven' not found
- How do I get trading holidays from the Bloomberg API
- Conflicts between pytorch and openCV on android