This issue has been created
There is 1 update.
 
 
XWiki Platform / cid:jira-generated-image-avatar-0573ba5d-1de3-4c78-a4ec-da3981eb9f5a XWIKI-23303 Open

Insufficient protection against stack overflows
 
View issue   ·   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-c6b75c02-b3de-4475-ad8d-f56a70699afd Michael Hamann created this issue on 16/Jun/25 15:52
 
Summary: Insufficient protection against stack overflows
Issue Type: cid:jira-generated-image-avatar-0573ba5d-1de3-4c78-a4ec-da3981eb9f5a Bug
Affects Versions: 16.10.0
Assignee: Unassigned
Attachments: image-2025-06-16-13-58-00-489.png
Components: Old Core
Created: 16/Jun/25 15:52
Priority: cid:jira-generated-image-static-major-5f2f8136-d823-4771-be33-46108fb98b90 Major
Reporter: Michael Hamann
Description:

Steps to reproduce:

Create a page with the following content:

{{velocity}}
{{html clean="false"}}$doc.getRenderedContent(){{/html}}
{{/velocity}}

Expected result:

An error related to the nested displaying of the page is displayed.

Actual result:

A java.lang.StackOverflowError is triggered:

43748_image-2025-06-16-13-58-00-489.png

StackOverflowError might lead to unreleased locks and we found that following stack overflows, on some XWiki installations we got org.infinispan.util.concurrent.TimeoutException: ISPN000299: Unable to acquire lock after 10 seconds for key… persistently for some keys in several caches after stack overflows. This seemed to affect primarily keys that were set in requests in which the stack overflow occurred. Note that we're currently not really careful when handling stack overflow errors and we might call additional methods like the error displayer in the macro transformation with an almost full stack, leading to further stack overflow errors. This seems to be a likely root cause of XWIKI-23220.
 
 

1 update

 
cid:jira-generated-image-avatar-c6b75c02-b3de-4475-ad8d-f56a70699afd Changes by Michael Hamann on 16/Jun/25 15:58
 
Description: *Steps to reproduce:*

Create a page with the following content:
{noformat}
{{velocity}}
{{html clean="false"}}$doc.getRenderedContent(){{/html}}
{{/velocity}}
{noformat}

*Expected result:*

An error related to the nested displaying of the page is displayed.

*Actual result:*

A {{java.lang.StackOverflowError}} is triggered:

!image-2025-06-16-13-58-00-489.png!

{{StackOverflowError}} [might lead to unreleased locks|https://bugs.openjdk.org/browse/JDK-8318888] and we found that following stack overflows, on some XWiki installations we got {{org.infinispan.util.concurrent.TimeoutException: ISPN000299: Unable to acquire lock after 10 seconds for key}}… persistently for some keys in several caches after stack overflows . This seemed to affect primarily keys that were set in requests in which the stack overflow occurred. Note that we're currently not really careful when handling stack overflow errors and we might call additional methods like the error displayer in the macro transformation with an almost full stack, leading to further stack overflow errors. This seems to be a likely root cause of XWIKI-23220.
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.